[jira] [Commented] (SOLR-16324) CVE-2022-33980 in commons-configuration2

Kevin Risden (Jira) Fri, 05 Aug 2022 09:05:33 -0700


    [ 
https://issues.apache.org/jira/browse/SOLR-16324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17575932#comment-17575932
 ]


Kevin Risden commented on SOLR-16324:
-------------------------------------

hadoop-common is what pulls in commons-configuration2 - 
https://github.com/apache/hadoop/search?l=Maven+POM&q=commons-configuration2 so 
not sure we can just exclude it. 

> CVE-2022-33980 in commons-configuration2
> ----------------------------------------
>
>                 Key: SOLR-16324
>                 URL: https://issues.apache.org/jira/browse/SOLR-16324
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Andrew Kulick
>            Priority: Major
>
> CVE-2022-33980 is present in org.apache.commons_commons-configuration2:2.7. 
> Upgrading to version 2.8 will remediate the issue



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SOLR-16324) CVE-2022-33980 in commons-configuration2

Reply via email to