Copilot commented on code in PR #193:
URL: https://github.com/apache/solr-site/pull/193#discussion_r3435859488


##########
content/solr/vex/2022-12-14-cve-2016-1181.md:
##########
@@ -0,0 +1,19 @@
+---
+cve:
+  - CVE-2015-0899
+  - CVE-2016-1181
+  - CVE-2016-1182
+  - SOLR-2849
+category:
+  - solr/vex

Review Comment:
   The `cve` list includes `SOLR-2849`, which is a JIRA key rather than a 
CVE/GHSA identifier. This will render as a vulnerability ID on vex.html and 
will also be emitted as a vulnerability in the generated CycloneDX VEX JSON. 
Move it to the dedicated `jira:` field instead.



##########
content/solr/vex/2022-12-14-cve-2016-6809.md:
##########
@@ -6,11 +6,13 @@ cve:
   - CVE-2018-1339
 category:
   - solr/vex
-versions: "5.5.5, 6.2.0-today"
+versions: "5.5.5, 6.2.0-9.10"
 jars:
   - vorbis-java-tika-0.8.jar
 analysis:
   state: not_affected
 title: "vorbis-java-tika"
 ---
 See https://github.com/Gagravarr/VorbisJava/issues/30; reported CVEs are not 
related to OggVorbis at all.
+
+Tika as an inprocess component was removed in Solr 9.11.

Review Comment:
   Typo/wording: "inprocess" should be hyphenated as "in-process".



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to