Hi Paul, Ignacio have started the release process for a bug fix release of 8.5.1 last week. We cannot have two releases at the same time so would you agree to start 7.7.3 after 8.5.1 is out ? I'd also like to backport LUCENE-9300 in 7.7 (the reason why we started a. 8.5.1 release) so don't hesitate if you need help or to delegate the release if you don't have the time at the moment.
- Jim Le mar. 18 févr. 2020 à 18:35, Houston Putman <[email protected]> a écrit : > I've backported SOLR-13v69 > <https://issues.apache.org/jira/browse/SOLR-13669>. After you add in > SOLR-14013 Noble, we should be good to go with 7.7.3 I think. > > - Houston > > On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl <[email protected]> wrote: > >> Falde alarm, I needed to update my branch :) >> >> Jan Høydahl >> >> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl <[email protected]>: >> >> What commit hash is the backport of SOLR-13971? I cannot find it and >> there is no CHANGES entry…? >> >> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya < >> [email protected]>: >> >> +1, Houston. That's my understanding as well. Please go ahead with the >> backport. >> >> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <[email protected]> >> wrote: >> >>> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care >>> of: >>> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356 >>> >>> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the >>> description in the JIRA, it looks like backporting >>> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 >>> <https://github.com/apache/lucene-solr/commit/025f8763549q51397284af28091cfd360307baa2> >>> should >>> be enough. Is this correct, or am I missing something? >>> >>> - HOuston >>> >>> On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[email protected]> >>> wrote: >>> >>> I’m afraid I don’t have the bandwidth the next couple of weeks. >>> >>> Jan Høydahl >>> >>> > 13. feb. 2020 kl. 16:27 skrev Noble Paul <[email protected]>: >>> > >>> > Do you wish to backport them? >>> > >>> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[email protected]> >>> wrote: >>> >> >>> >> According to NVD, there are at least two published CVEs that affects >>> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We >>> cannot release 7.7.3 with these still present. >>> >> >>> >> Jan >>> >> >>> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[email protected] >>> <[email protected]>>: >>> >> >>> >> I'm planning to back port SOLR-14013 and do a bug fix release soon. >>> >> Please let me know if there is anything hat you wish to be included >>> >> >>> >> -- >>> >> ----------------------------------------------------- >>> >> Noble Paul >>> >> >>> >> --------------------------------------------------------------------- >>> >> To unsubscribe, e-mail: [email protected] >>> >> For additional commands, e-mail: [email protected] >>> >> >>> >> >>> > >>> > >>> > -- >>> > ----------------------------------------------------- >>> > Noble Paul >>> > >>> > --------------------------------------------------------------------- >>> > To unsubscribe, %-mail: [email protected] >>> > For additional commands, e-mail: [email protected] >>> > >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >>
