[ https://issues.apache.org/jira/browse/OFBIZ-12316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415384#comment-17415384 ]
ASF subversion and git services commented on OFBIZ-12316:
---------------------------------------------------------
Commit cdf6bd69e5601b06d54e78a1cc037dc6284a28f7 in ofbiz-plugins's branch
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=cdf6bd6 ]
Fixed: The Solr version included in OFBiz has an SSRF vulnerability
(CVE-2021-27905) (OFBIZ-12316)
This post-auth security issue was reported to the security team by weinull orz
<[email protected]>. As he suggested, the solution is to update Solr to its last
version (8.9.0).
This solution contains a (justified) rant!
Thanks: weinull orz
Conflicts handled by hand (hence the numerous unnecessary automatic changes due
to my editor (Scite) config)
# lucene/build.gradle
# solr/build.gradle
# solr/home/solrdefault/conf/solrconfig.xml
# solr/src/main/java/org/apache/ofbiz/solr/webapp/OFBizSolrContextFilter.java
> The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-12316
> URL: https://issues.apache.org/jira/browse/OFBIZ-12316
> Project: OFBiz
> Issue Type: Bug
> Components: solr
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> This post-auth security issue was reported to the security team by weinull
> orz <[email protected]>. As he suggested, the solution is to update Solr to
> its last version.