[jira] [Updated] (AMBARI-25169) Upgrade Apache Solr version to 7.7.0 or later in Ambari

Krisztian Kasa (JIRA) Tue, 05 Mar 2019 04:15:19 -0800


     [ 
https://issues.apache.org/jira/browse/AMBARI-25169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Krisztian Kasa updated AMBARI-25169:
------------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

> Upgrade Apache Solr version to 7.7.0 or later in Ambari
> -------------------------------------------------------
>
>                 Key: AMBARI-25169
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25169
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-infra
>    Affects Versions: 2.7.3
>            Reporter: Krisztian Kasa
>            Assignee: Krisztian Kasa
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.4
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> CVE-2017-3164 SSRF issue in Apache Solr
> Severity: High
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Solr versions from 1.3 to 7.6.0
> Description:
> The "shards" parameter does not have a corresponding whitelist mechanism,
> so it can request any URL.
> Mitigation:
> Upgrade to Apache Solr 7.7.0 or later.
> Ensure your network settings are configured so that only trusted traffic is
> allowed to ingress/egress your hosts running Solr.
> Credit:
> dk from Chaitin Tech
> References:
> https://issues.apache.org/jira/browse/SOLR-12770
> https://wiki.apache.org/solr/SolrSecurity



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (AMBARI-25169) Upgrade Apache Solr version to 7.7.0 or later in Ambari

Reply via email to