Hi,
Which vulnerability are you talking about?!? We opened a CVE a while
ago, but this was not about Lucene Core. Some checkers have false
positives due to name mismatch.
Am 13.12.2024 um 10:41 schrieb lavanya ponnapoolu:
Hi Team,
We are upgrading lucene-core jar from 4.7.0 to 10.0.0 because of
vulnerability.
org.apache.lucene.document.Field.*Index *but am not finding any alternative
as part of https://lucene.apache.org/core/6_0_0/MIGRATE.html. From
lucene-core-6.0.0 this class files are removed.
Same with *org.apache.lucene.store.SimpleFSDirectory *usage, should it be
changed to NIOFSDirectory?
Also we are using lucene-analyzers-common-4.7.0.jar,
lucene-queries-4.7.0.jar, lucene-queryparser-4.7.0.jar,
lucene-sandbox-4.7.0.jar. When lucene core is upgraded is it recommended to
upgrade all these jars.
Regards,
Lavanya
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail: u...@thetaphi.de
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org
For additional commands, e-mail: java-user-h...@lucene.apache.org
