Thanks Houston. FYI: I tried to reproduce the issue in my environment (Solr 9.5.0), using the Curl request in SOLR-17417, but I could not, possibly because the authentication configuration has "blockUnknown":true
I applied the patch anyways, to be on the safe side. Isabelle Giguère Computational Linguist & Java Developer Linguiste informaticienne & développeur java ________________________________ De : Houston Putman <hous...@apache.org> Envoyé : 21 octobre 2024 17:01 À : dev@solr.apache.org <dev@solr.apache.org> Objet : [EXTERNAL] - Re: Missing or deleted patch ? CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you feel that the email is suspicious, please report it using PhishAlarm. Thanks for reporting. Both CVE Jira issues from this recent release should now be public. - Houston On Mon, Oct 21, 2024 at 3:52 PM Isabelle Giguere <igigu...@opentext.com.invalid> wrote: > Hello Solr devs; > > I'm looking for a patch or PR to fix this CVE : > https://urldefense.com/v3/__https://solr.apache.org/security.html*cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending__;Iw!!Obbck6kTJA!Y7CzAab8QwEm5VcvlGPLd19ywdlrtO9D43deIuMmiLS340U2a8CGIR1EUl4KqK5YUUpbuiA_j5FMCJxvfA$ > > ASF Jira says the ticket was deleted, or I don't have permissions to view > it. > https://urldefense.com/v3/__https://issues.apache.org/jira/browse/SOLR-17417__;!!Obbck6kTJA!Y7CzAab8QwEm5VcvlGPLd19ywdlrtO9D43deIuMmiLS340U2a8CGIR1EUl4KqK5YUUpbuiA_j5FLxBSEAQ$ > > I am logged in and I can view other issues. So why not this one ? > > Isabelle Giguère > > > >
