[
https://issues.apache.org/jira/browse/OFBIZ-12316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-12316:
------------------------------------
Description: This security issue was reported to the security team by
weinull orz <[email protected]> As he suggested the solution is to update
Solr to its last version. We did not create a CVE as it's actually a Solr issue
and Solr has already created (CVE-2021-27905) (was: This security issue was
reported to the security team by weinull orz <[email protected]> As he
suggested the solution is to update Solr to its last version. We did not create
a CVE as it's actually a Solr issue and Solr has already created )
> The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-12316
> URL: https://issues.apache.org/jira/browse/OFBIZ-12316
> Project: OFBiz
> Issue Type: Bug
> Components: solr
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.01, Release Branch 17.12
>
>
> This security issue was reported to the security team by weinull orz
> <[email protected]> As he suggested the solution is to update Solr to its
> last version. We did not create a CVE as it's actually a Solr issue and Solr
> has already created (CVE-2021-27905)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
