[jira] [Commented] (SOLR-17899) CVE-2024-30171, CVE-2024-30172, CVE-2024-29857, CVE-2023-33201 : vulnerabilities in Bouncy Castle provider 1.70 dependency

Alexander Veit (Jira) Wed, 17 Sep 2025 12:43:05 -0700


    [ 
https://issues.apache.org/jira/browse/SOLR-17899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18020082#comment-18020082
 ]


Alexander Veit commented on SOLR-17899:
---------------------------------------

Already fixed for future Solr 10.x.

https://github.com/apache/solr/commit/a5872dec776f5b9de05a7a216a3022e27d6b223d

> CVE-2024-30171, CVE-2024-30172, CVE-2024-29857, CVE-2023-33201 : 
> vulnerabilities in Bouncy Castle provider 1.70 dependency
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-17899
>                 URL: https://issues.apache.org/jira/browse/SOLR-17899
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 9.9.0
>            Reporter: Alexander Veit
>            Priority: Major
>              Labels: security
>
> {{org.bouncycastle:bcprov-jdk15on:1.70}} (Dec 2021) which is included in Solr 
> 9.9.0 comes with four CVEs:
>  * [https://nvd.nist.gov/vuln/detail/CVE-2024-30171]
>  * [https://nvd.nist.gov/vuln/detail/CVE-2024-30172]
>  * [https://nvd.nist.gov/vuln/detail/CVE-2024-29857]
>  * [https://nvd.nist.gov/vuln/detail/CVE-2023-33201]
>  Possible solution: Upgrade to the latest 
> {{{}org.bouncycastle:bcprov-jdk18on{}}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[jira] [Commented] (SOLR-17899) CVE-2024-30171, CVE-2024-30172, CVE-2024-29857, CVE-2023-33201 : vulnerabilities in Bouncy Castle provider 1.70 dependency

Reply via email to