[
https://issues.apache.org/jira/browse/SOLR-15911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Pugh resolved SOLR-15911.
------------------------------
Resolution: Not A Problem
Not positive which resolution to pick, going with Not a Problem as this has
been fixed at some point in the past... I think as part of the dependency
"tuneup" that was done.
> Protobuf 3.16.1 compatibility
> -----------------------------
>
> Key: SOLR-15911
> URL: https://issues.apache.org/jira/browse/SOLR-15911
> Project: Solr
> Issue Type: Test
> Reporter: Ivan Viaznikov
> Priority: Major
>
> A vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-22569) was
> discovered that affects protobuf-java. The version `3.11.0` of this library
> comes as a dependency with `org.apache.solr:solr-clustering` and
> `org.apache.solr:solr-analysis-extras`. However, the vulnerability is only
> fixed in versions `3.19.2`, `3.18.2` and `3.16.1`.
> Therefore, requesting you to clarify if any of the fixed versions of
> protobuf-java are compatible with `org.apache.solr:solr-clustering` and
> `org.apache.solr:solr-analysis-extras`
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
