[ https://issues.apache.org/jira/browse/SOLR-16949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Houston Putman updated SOLR-16949:
----------------------------------
Security: (was: Private (Security Issue))
> RCE via Backup/Restore APIs - Fix for all file extensions
> ---------------------------------------------------------
>
> Key: SOLR-16949
> URL: https://issues.apache.org/jira/browse/SOLR-16949
> Project: Solr
> Issue Type: Bug
> Components: Backup/Restore
> Affects Versions: 8.11.2
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Blocker
> Fix For: 8.11.3, 9.5, 9.4.1
>
> Attachments: SOLR-16949-1.patch, SOLR-16949-8_11-1.patch,
> SOLR-16949-8_11-2.patch, SOLR-16949-8_11-3.patch, SOLR-16949-8_11.patch,
> SOLR-16949-inputstream-leaks.patch, SOLR-16949-main-protect-lib-1.patch,
> SOLR-16949-main-protect-lib-2.patch, SOLR-16949-main-protect-lib.patch,
> SOLR-16949.patch, jenkins.log.txt.gz
>
>
> Before an 8.11.3 release, https://issues.apache.org/jira/browse/SOLR-16480
> needs to be backported, thus creating this as a blocker.
> Here I am assuming that 8.x is vulnerable to the same attack, which should be
> investigated.