[ https://issues.apache.org/jira/browse/SOLR-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603807#comment-17603807 ]

Jan Høydahl commented on SOLR-16141:
------------------------------------

Thanks for prompting this [~ivan.viaznikov]. So if you are using the extraction 
handler (Tika) in your Solr setup to parse MS-Office files, and thus the CVE is 
relevant to you, you can start planning for a 9.1 upgrade (and nag for a 
release), or you could start advocating for a backport to 8.11 (and nag for a 
release) :) 

If you are not using /update/extract at all, you are already good since your 
use of Solr is not vulnerable in the first place.

> Upgrade Apache Tika to 1.28.4
> -----------------------------
>
>                 Key: SOLR-16141
>                 URL: https://issues.apache.org/jira/browse/SOLR-16141
>             Project: Solr
>          Issue Type: Task
>          Components: contrib - Solr Cell (Tika extraction)
>            Reporter: Ivan Viaznikov
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: 9.1
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> org.apache.solr:solr-cell module uses Apache POI. Apache POI version 5.2.1 
> includes several bug fixes, including a resolution for CVE-2022-26336, which 
> impacts poi-scratchpad.
> By upgrading Tika from 1.28.1 to 1.28.4, we'll get POI 5.2.2



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
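
One way to check the condition from the comment above (is /update/extract in use, and is the bundled poi-scratchpad older than the 5.2.1 fix named in the issue). This is an added example, not code from the thread or the Solr project. It assumes the handler is registered in solrconfig.xml rather than through a config overlay, and that jars are named poi-scratchpad-<version>.jar; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Per the issue text: POI 5.2.1 carries the fix for CVE-2022-26336.
FIXED_POI = (5, 2, 1)

def extract_handlers(solrconfig_xml):
    """Names of request handlers backed by Solr Cell's ExtractingRequestHandler."""
    root = ET.fromstring(solrconfig_xml)  # local, trusted config file content
    return [h.get("name", "") for h in root.iter("requestHandler")
            if h.get("class", "").endswith("ExtractingRequestHandler")]

def old_scratchpad_jars(jar_names):
    """poi-scratchpad jars whose version sorts below FIXED_POI."""
    hits = []
    for name in jar_names:
        m = re.fullmatch(r"poi-scratchpad-(\d+(?:\.\d+)*)\.jar", name)
        if m and tuple(int(p) for p in m.group(1).split(".")) < FIXED_POI:
            hits.append(name)
    return hits

def assess(solrconfig_xml, jar_names):
    """The upgrade matters only if extraction is enabled AND an old jar is present."""
    handlers = extract_handlers(solrconfig_xml)
    jars = old_scratchpad_jars(jar_names)
    return {"handlers": handlers, "old_jars": jars,
            "upgrade_relevant": bool(handlers) and bool(jars)}

# Constructed sample inputs (not taken from any real deployment).
CONFIG_WITH_EXTRACT = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <requestHandler name="/update/extract" startup="lazy"
                  class="solr.extraction.ExtractingRequestHandler"/>
</config>"""
CONFIG_WITHOUT_EXTRACT = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""
OLD_JARS = ["poi-5.2.0.jar", "poi-scratchpad-5.2.0.jar", "tika-core-1.28.1.jar"]
NEW_JARS = ["poi-5.2.2.jar", "poi-scratchpad-5.2.2.jar", "tika-core-1.28.4.jar"]

if __name__ == "__main__":
    for label, cfg, jars in [("extract + old POI", CONFIG_WITH_EXTRACT, OLD_JARS),
                             ("extract + new POI", CONFIG_WITH_EXTRACT, NEW_JARS),
                             ("no extract handler", CONFIG_WITHOUT_EXTRACT, OLD_JARS)]:
        print(label, "->", assess(cfg, jars))
```
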
