[
https://issues.apache.org/jira/browse/OFBIZ-12316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17415385#comment-17415385
]
ASF subversion and git services commented on OFBIZ-12316:
---------------------------------------------------------
Commit ff03ec248a8a06bd8b6525b9d222975ff1b3c40d in ofbiz-plugins's branch
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=ff03ec2 ]
Fixed: The Solr version included in OFBiz has an SSRF vulnerability
(CVE-2021-27905) (OFBIZ-12316)
This post-auth security issue was reported to the security team by weinull orz
<[email protected]> As he suggested the solution is to update Solr to its last
version (8.9.0)
This solution contains a (justified) rant!
Thanks: weinull orz
> The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-12316
> URL: https://issues.apache.org/jira/browse/OFBIZ-12316
> Project: OFBiz
> Issue Type: Bug
> Components: solr
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> This post-auth security issue was reported to the security team by weinull
> orz <[email protected]> As he suggested the solution is to update Solr to
> its last version.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
