[jira] [Updated] (SOLR-17900) Multiple CVEs in Apache Hadoop Client Runtime 3.4.0 dependency

Alexander Veit (Jira) Sun, 07 Sep 2025 09:09:06 -0700


     [ 
https://issues.apache.org/jira/browse/SOLR-17900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Alexander Veit updated SOLR-17900:
----------------------------------
    Summary: Multiple CVEs in Apache Hadoop Client Runtime 3.4.0 dependency  
(was: Multiple CVEs in Apache Hadoop Client Runtime 3.4.0)

> Multiple CVEs in Apache Hadoop Client Runtime 3.4.0 dependency
> --------------------------------------------------------------
>
>                 Key: SOLR-17900
>                 URL: https://issues.apache.org/jira/browse/SOLR-17900
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 9.9.0
>            Reporter: Alexander Veit
>            Priority: Major
>              Labels: security
>
> {{org.apache.hadoop:hadoop-client-runtime:3.4.0}} which is included in Solr 
> 9.9.0 comes with multiple CVEs:
>  * CVE-2024-47561 (Score 9.3)
>  * CVE-2023-52428 (Score 8.7)
>  * CVE-2024-25638 (Score 7)
>  * CVE-2024-29133 (Score 6.9)
>  * CVE-2024-26308 (Score 6.7)
>  * CVE-2024-29131 (Score 6.5)
> https://hub.docker.com/layers/library/solr/9.9.0/images/sha256-ac2fceddb02682a90a18224110344d632744eec72ccf441479f873c5f0a2b652



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[jira] [Updated] (SOLR-17900) Multiple CVEs in Apache Hadoop Client Runtime 3.4.0 dependency

Reply via email to