[
https://issues.apache.org/jira/browse/SOLR-16521?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hariprasad T updated SOLR-16521:
--------------------------------
Security: Public (was: Private (Security Issue))
> Apache Solr SSRF vulnerability
> ------------------------------
>
> Key: SOLR-16521
> URL: https://issues.apache.org/jira/browse/SOLR-16521
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Hariprasad T
> Priority: Major
>
> Hi Team,
> We have a Sitecore project on version 9.3 and we are using Windows Solr
> 8.1.1. We have this vulnerability, "Apache Solr SSRF vulnerability", impacting
> a few of our servers. Below is the patch fix suggested by Solr for this
> vulnerability.
> *Ref:* SOLR-15217 - CVE-2021-27905
> *URL:*
> https://solr.apache.org/security.html#cve-2021-27905-ssrf-vulnerability-with-the-replication-handler
> *Impacted Servers:*
> Many servers like TST, STG, Prod.
> *Mitigation:*
> *(a) Upgrade to Solr 8.8.2 or greater:*
> With Sitecore 9.3, only Solr version 8.1.1 works and is recommended, so we
> cannot upgrade Solr. Please correct me if I'm wrong.
> *(b) If upgrading is not an option, consider* *applying the patch in
> SOLR-15217:*
> Applied the below fix and it's not working. Please suggest any other fix.
> The {{shardsWhitelist}} is defined on the shardHandlerFactory element in
> solr.xml. We should rename it to something like "shardsAllowList".
> Thanks in advance!!
> Regards,
> Hariprasad T