[
https://issues.apache.org/jira/browse/SOLR-17900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18042011#comment-18042011
]
Eric Pugh commented on SOLR-17900:
----------------------------------
Hadoop has been removed in Solr 10, and when it's released, it means there
won't (probably) be a Solr 9.10. Having said that, if you want to supply a PR,
I'd be happy to review. Otherwise, I wouldn't expect this to get resolved.
> Multiple CVEs in Apache Hadoop Client Runtime 3.4.0 dependency
> --------------------------------------------------------------
>
> Key: SOLR-17900
> URL: https://issues.apache.org/jira/browse/SOLR-17900
> Project: Solr
> Issue Type: Bug
> Affects Versions: 9.9.0
> Reporter: Alexander Veit
> Priority: Major
> Labels: security
>
> {{org.apache.hadoop:hadoop-client-runtime:3.4.0}} which is included in Solr
> 9.9.0 comes with multiple CVEs:
> * CVE-2024-47561 (Score 9.3)
> * CVE-2023-52428 (Score 8.7)
> * CVE-2024-25638 (Score 7)
> * CVE-2024-29133 (Score 6.9)
> * CVE-2024-26308 (Score 6.7)
> * CVE-2024-29131 (Score 6.5)
> https://hub.docker.com/layers/library/solr/9.9.0/images/sha256-ac2fceddb02682a90a18224110344d632744eec72ccf441479f873c5f0a2b652
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
