[
https://issues.apache.org/jira/browse/SOLR-18082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18069322#comment-18069322
]
ASF subversion and git services commented on SOLR-18082:
--------------------------------------------------------
Commit 52242e69ec515e03db6f3de088ec34c9257b12c6 in solr's branch
refs/heads/branch_10x from Christos Malliaridis
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=52242e69ec5 ]
SOLR-18082: Add jersey BOM to align versions of all jersey dependencies (#4244)
Add jersey BOM to align versions of all jersey dependencies. This also upgrades
org.glassfish.jersey.containers:jersey-container-jetty-http from 2.39.1 to
3.1.11
(cherry picked from commit b32ba6e1936fba920a098a2118e3b02ab3ffc197)
> Upgrade jersey version to 2.47 to fix CVE-2025-12383
> ----------------------------------------------------
>
> Key: SOLR-18082
> URL: https://issues.apache.org/jira/browse/SOLR-18082
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrJ
> Reporter: Isha Kunwar
> Assignee: Christos Malliaridis
> Priority: Major
> Labels: dependencies, pull-request-available
> Fix For: 10.1
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> [https://nvd.nist.gov/vuln/detail/CVE-2025-12383]
>
> In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause
> ignoring of critical SSL configurations - such as mutual authentication,
> custom key/trust stores, and other security settings. This issue may result
> in SSLHandshakeException under normal circumstances, but under certain
> conditions, it could lead to unauthorized trust in insecure servers (see PoC)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
