[
https://issues.apache.org/jira/browse/SOLR-16333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578979#comment-17578979
]
Gus Heck commented on SOLR-16333:
---------------------------------
[~csabelstrom] as with all Apache projects Solr is a volunteer effort, and
certainly we like to clear these things out when we can, but Solr has many
dependencies without a clear reason that the CVE poses an actual threat, this
sort of thing will naturally shuffle down the priority list. You, your company
or someone you hire are of course welcome to make it their own priority and
submit a fix. This is how most work gets done in open source, some one has an
itch and then volunteers to scratch it themselves ;). This page
(https://cwiki.apache.org/confluence/display/SOLR/HowToContribute) can get you
started, and of course we'll be happy to support such efforts on the dev list
> CVE-2021-22569 | CVSS 7 | com.google.protobuf_protobuf-java
> -----------------------------------------------------------
>
> Key: SOLR-16333
> URL: https://issues.apache.org/jira/browse/SOLR-16333
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 9.0, 8.11.2
> Reporter: Chris Sabelstrom
> Priority: Major
> Attachments: image-2022-08-09-10-14-07-215.png
>
>
> Our security scanner detected the following vulnerability. Please upgrade to
> version noted in Status column. Please fix this for 8.11 as well as 9.0.
> !image-2022-08-09-10-14-07-215.png!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
