CONFIDENTIAL Hello,
Indeed, I double-checked, and our app does not use lucene-replicator. I silenced my dumb security scanner. Thank you for your help. -----Original Message----- From: Michael Sokolov <msoko...@gmail.com> Sent: Monday, October 28, 2024 3:06 PM To: java-user@lucene.apache.org Subject: Re: Any plans to patch Lucene 8.11.x for CVE-2024-45772 ? [You don't often get email from msoko...@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] EXTERNAL Email. Be careful with links and attachments! If in doubt, click the Report Mail button. Do you actually use org.apache.lucene.replicator.http ? If not then this wouldn't have any material impact on your application. On Mon, Oct 28, 2024 at 4:25 AM Renaud SAINT-GRATIEN <renaud.saintgrat...@amadeus.com.invalid> wrote: > > CONFIDENTIAL > > Hello, > > Is there any plan to patch Lucene 8.11 for CVE-2024-45772 ? > I need to stay on 8.11 branch because my application still runs on Java 8. We > plan to migrate to Java 17 but this cannot be done sooner than mid 2025... > (this is a huge application). > Thank you for this amazing piece of software and thanks for your help! > > Best regards, > > Renaud Saint-Gratien > Software engineer - Rail > TRU-TRD-ENG-RAI-NCE-SRD > --------------------------------------------------------------------- To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org For additional commands, e-mail: java-user-h...@lucene.apache.org
