Re: 7.7.3 bugfix release

[Noble Paul]

Thanks Adrien

On Mon, May 4, 2020, 6:03 PM Adrien Grand  wrote:

> I just disabled the 7.7 builds since 7.7 has made it to the mirrors.
>
> On Wed, Apr 22, 2020 at 1:23 AM Noble Paul  wrote:
>
>> thanks Adrien
>>
>> On Tue, Apr 21, 2020 at 6:22 PM Adrien Grand  wrote:
>> >
>> > FYI I just re-enabled 7.7 builds on the Apache Jenkins.
>> >
>> > On Thu, Apr 16, 2020 at 10:17 PM jim ferenczi 
>> wrote:
>> >>
>> >> Hi,
>> >>
>> >> Ì merged LUCENE-9300 in the 7.7 branch.
>> >>
>> >> > I shall cut the branch in a day or two
>> >>
>> >> I guess you meant create the first BC since the branch is already
>> created (branch_7_7) ;)
>> >>
>> >> Thanks,
>> >> Jim
>> >>
>> >>
>> >> Le mer. 15 avr. 2020 à 09:21, Noble Paul  a
>> écrit :
>> >>>
>> >>> Hi, Please merge all the required changes to the branch branch_7_7
>> >>>
>> >>> I shall cut the branch in a day or two
>> >>>
>> >>> On Mon, Apr 6, 2020 at 6:14 PM jim ferenczi 
>> wrote:
>> >>> >
>> >>> > Hi Paul,
>> >>> > Ignacio have started the release process for a bug fix release of
>> 8.5.1 last week.
>> >>> > We cannot have two releases at the same time so would you agree to
>> start 7.7.3 after 8.5.1 is out ?
>> >>> > I'd also like to backport LUCENE-9300 in 7.7 (the reason why we
>> started a. 8.5.1 release) so don't hesitate if you need help or to delegate
>> the release if you don't have the time at the moment.
>> >>> >
>> >>> > - Jim
>> >>> >
>> >>> >
>> >>> > Le mar. 18 févr. 2020 à 18:35, Houston Putman <
>> houstonput...@gmail.com> a écrit :
>> >>> >>
>> >>> >> I've backported SOLR-13v69. After you add in SOLR-14013 Noble, we
>> should be good to go with 7.7.3 I think.
>> >>> >>
>> >>> >> - Houston
>> >>> >>
>> >>> >> On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl 
>> wrote:
>> >>> >>>
>> >>> >>> Falde alarm, I needed to update my branch :)
>> >>> >>>
>> >>> >>> Jan Høydahl
>> >>> >>>
>> >>> >>> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl > >:
>> >>> >>>
>> >>> >>> What commit hash is the backport of SOLR-13971? I cannot find it
>> and there is no CHANGES entry…?
>> >>> >>>
>> >>> >>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <
>> ichattopadhy...@gmail.com>:
>> >>> >>>
>> >>> >>> +1, Houston. That's my understanding as well. Please go ahead
>> with the backport.
>> >>> >>>
>> >>> >>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <
>> houstonput...@gmail.com> wrote:
>> >>> 
>> >>>  It looks like CVE-2019-17558 / SOLR-13971 has already been taken
>> care of:
>> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>> >>> 
>> >>>  So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By
>> the description in the JIRA, it looks like backporting
>> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>> should be enough. Is this correct, or am I missing something?
>> >>> 
>> >>>  - HOuston
>> >>> 
>> >>>  On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <
>> jan@cominvent.com> wrote:
>> >>> 
>> >>>  I’m afraid I don’t have the bandwidth the next couple of weeks.
>> >>> 
>> >>>  Jan Høydahl
>> >>> 
>> >>>  > 13. feb. 2020 kl. 16:27 skrev Noble Paul > >:
>> >>>  >
>> >>>  > Do you wish to backport them?
>> >>>  >
>> >>>  >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <
>> jan@cominvent.com> wrote:
>> >>>  >>
>> >>>  >> According to NVD, there are at least two published CVEs that
>> affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669).
>> We cannot release 7.7.3 with these still present.
>> >>>  >>
>> >>>  >> Jan
>> >>>  >>
>> >>>  >> 13. feb. 2020 kl. 06:42 skrev Noble Paul <
>> noble.p...@gmail.com>:
>> >>>  >>
>> >>>  >> I'm planning to back port  SOLR-14013 and do a bug fix
>> release soon.
>> >>>  >> Please let me know if there is anything hat you wish to be
>> included
>> >>>  >>
>> >>>  >> --
>> >>>  >> -
>> >>>  >> Noble Paul
>> >>>  >>
>> >>>  >>
>> -
>> >>>  >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> >>>  >> For additional commands, e-mail: dev-h...@lucene.apache.org
>> >>>  >>
>> >>>  >>
>> >>>  >
>> >>>  >
>> >>>  > --
>> >>>  > -
>> >>>  > Noble Paul
>> >>>  >
>> >>>  >
>> -
>> >>>  > To unsubscribe, %-mail: dev-unsubscr...@lucene.apache.org
>> >>>  > For additional commands, e-mail: dev-h...@lucene.apache.org
>> >>>  >
>> >>> 
>> >>> 
>> -
>> >>>  To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> >>>  For additional commands, e-mail: 

Re: 7.7.3 bugfix release

[Adrien Grand]

I just disabled the 7.7 builds since 7.7 has made it to the mirrors.

On Wed, Apr 22, 2020 at 1:23 AM Noble Paul  wrote:

> thanks Adrien
>
> On Tue, Apr 21, 2020 at 6:22 PM Adrien Grand  wrote:
> >
> > FYI I just re-enabled 7.7 builds on the Apache Jenkins.
> >
> > On Thu, Apr 16, 2020 at 10:17 PM jim ferenczi 
> wrote:
> >>
> >> Hi,
> >>
> >> Ì merged LUCENE-9300 in the 7.7 branch.
> >>
> >> > I shall cut the branch in a day or two
> >>
> >> I guess you meant create the first BC since the branch is already
> created (branch_7_7) ;)
> >>
> >> Thanks,
> >> Jim
> >>
> >>
> >> Le mer. 15 avr. 2020 à 09:21, Noble Paul  a
> écrit :
> >>>
> >>> Hi, Please merge all the required changes to the branch branch_7_7
> >>>
> >>> I shall cut the branch in a day or two
> >>>
> >>> On Mon, Apr 6, 2020 at 6:14 PM jim ferenczi 
> wrote:
> >>> >
> >>> > Hi Paul,
> >>> > Ignacio have started the release process for a bug fix release of
> 8.5.1 last week.
> >>> > We cannot have two releases at the same time so would you agree to
> start 7.7.3 after 8.5.1 is out ?
> >>> > I'd also like to backport LUCENE-9300 in 7.7 (the reason why we
> started a. 8.5.1 release) so don't hesitate if you need help or to delegate
> the release if you don't have the time at the moment.
> >>> >
> >>> > - Jim
> >>> >
> >>> >
> >>> > Le mar. 18 févr. 2020 à 18:35, Houston Putman <
> houstonput...@gmail.com> a écrit :
> >>> >>
> >>> >> I've backported SOLR-13v69. After you add in SOLR-14013 Noble, we
> should be good to go with 7.7.3 I think.
> >>> >>
> >>> >> - Houston
> >>> >>
> >>> >> On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl 
> wrote:
> >>> >>>
> >>> >>> Falde alarm, I needed to update my branch :)
> >>> >>>
> >>> >>> Jan Høydahl
> >>> >>>
> >>> >>> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
> >>> >>>
> >>> >>> What commit hash is the backport of SOLR-13971? I cannot find it
> and there is no CHANGES entry…?
> >>> >>>
> >>> >>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <
> ichattopadhy...@gmail.com>:
> >>> >>>
> >>> >>> +1, Houston. That's my understanding as well. Please go ahead with
> the backport.
> >>> >>>
> >>> >>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <
> houstonput...@gmail.com> wrote:
> >>> 
> >>>  It looks like CVE-2019-17558 / SOLR-13971 has already been taken
> care of:
> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
> >>> 
> >>>  So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By
> the description in the JIRA, it looks like backporting
> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
> should be enough. Is this correct, or am I missing something?
> >>> 
> >>>  - HOuston
> >>> 
> >>>  On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <
> jan@cominvent.com> wrote:
> >>> 
> >>>  I’m afraid I don’t have the bandwidth the next couple of weeks.
> >>> 
> >>>  Jan Høydahl
> >>> 
> >>>  > 13. feb. 2020 kl. 16:27 skrev Noble Paul  >:
> >>>  >
> >>>  > Do you wish to backport them?
> >>>  >
> >>>  >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <
> jan@cominvent.com> wrote:
> >>>  >>
> >>>  >> According to NVD, there are at least two published CVEs that
> affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669).
> We cannot release 7.7.3 with these still present.
> >>>  >>
> >>>  >> Jan
> >>>  >>
> >>>  >> 13. feb. 2020 kl. 06:42 skrev Noble Paul  >:
> >>>  >>
> >>>  >> I'm planning to back port  SOLR-14013 and do a bug fix release
> soon.
> >>>  >> Please let me know if there is anything hat you wish to be
> included
> >>>  >>
> >>>  >> --
> >>>  >> -
> >>>  >> Noble Paul
> >>>  >>
> >>>  >>
> -
> >>>  >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> >>>  >> For additional commands, e-mail: dev-h...@lucene.apache.org
> >>>  >>
> >>>  >>
> >>>  >
> >>>  >
> >>>  > --
> >>>  > -
> >>>  > Noble Paul
> >>>  >
> >>>  >
> -
> >>>  > To unsubscribe, %-mail: dev-unsubscr...@lucene.apache.org
> >>>  > For additional commands, e-mail: dev-h...@lucene.apache.org
> >>>  >
> >>> 
> >>> 
> -
> >>>  To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> >>>  For additional commands, e-mail: dev-h...@lucene.apache.org
> >>> 
> >>> >>>
> >>>
> >>>
> >>> --
> >>> -
> >>> Noble Paul
> >>>
> >>> -
> >>> To 

Re: 7.7.3 bugfix release

[Noble Paul]

thanks Adrien

On Tue, Apr 21, 2020 at 6:22 PM Adrien Grand  wrote:
>
> FYI I just re-enabled 7.7 builds on the Apache Jenkins.
>
> On Thu, Apr 16, 2020 at 10:17 PM jim ferenczi  wrote:
>>
>> Hi,
>>
>> Ì merged LUCENE-9300 in the 7.7 branch.
>>
>> > I shall cut the branch in a day or two
>>
>> I guess you meant create the first BC since the branch is already created 
>> (branch_7_7) ;)
>>
>> Thanks,
>> Jim
>>
>>
>> Le mer. 15 avr. 2020 à 09:21, Noble Paul  a écrit :
>>>
>>> Hi, Please merge all the required changes to the branch branch_7_7
>>>
>>> I shall cut the branch in a day or two
>>>
>>> On Mon, Apr 6, 2020 at 6:14 PM jim ferenczi  wrote:
>>> >
>>> > Hi Paul,
>>> > Ignacio have started the release process for a bug fix release of 8.5.1 
>>> > last week.
>>> > We cannot have two releases at the same time so would you agree to start 
>>> > 7.7.3 after 8.5.1 is out ?
>>> > I'd also like to backport LUCENE-9300 in 7.7 (the reason why we started 
>>> > a. 8.5.1 release) so don't hesitate if you need help or to delegate the 
>>> > release if you don't have the time at the moment.
>>> >
>>> > - Jim
>>> >
>>> >
>>> > Le mar. 18 févr. 2020 à 18:35, Houston Putman  a 
>>> > écrit :
>>> >>
>>> >> I've backported SOLR-13v69. After you add in SOLR-14013 Noble, we should 
>>> >> be good to go with 7.7.3 I think.
>>> >>
>>> >> - Houston
>>> >>
>>> >> On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl  
>>> >> wrote:
>>> >>>
>>> >>> Falde alarm, I needed to update my branch :)
>>> >>>
>>> >>> Jan Høydahl
>>> >>>
>>> >>> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
>>> >>>
>>> >>> What commit hash is the backport of SOLR-13971? I cannot find it and 
>>> >>> there is no CHANGES entry…?
>>> >>>
>>> >>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya 
>>> >>> :
>>> >>>
>>> >>> +1, Houston. That's my understanding as well. Please go ahead with the 
>>> >>> backport.
>>> >>>
>>> >>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman,  
>>> >>> wrote:
>>> 
>>>  It looks like CVE-2019-17558 / SOLR-13971 has already been taken care 
>>>  of: 
>>>  https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>>> 
>>>  So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the 
>>>  description in the JIRA, it looks like backporting 
>>>  https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>>>   should be enough. Is this correct, or am I missing something?
>>> 
>>>  - HOuston
>>> 
>>>  On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl  
>>>  wrote:
>>> 
>>>  I’m afraid I don’t have the bandwidth the next couple of weeks.
>>> 
>>>  Jan Høydahl
>>> 
>>>  > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
>>>  >
>>>  > Do you wish to backport them?
>>>  >
>>>  >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl  
>>>  >> wrote:
>>>  >>
>>>  >> According to NVD, there are at least two published CVEs that 
>>>  >> affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / 
>>>  >> SOLR-13669). We cannot release 7.7.3 with these still present.
>>>  >>
>>>  >> Jan
>>>  >>
>>>  >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
>>>  >>
>>>  >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>>>  >> Please let me know if there is anything hat you wish to be included
>>>  >>
>>>  >> --
>>>  >> -
>>>  >> Noble Paul
>>>  >>
>>>  >> -
>>>  >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>>  >> For additional commands, e-mail: dev-h...@lucene.apache.org
>>>  >>
>>>  >>
>>>  >
>>>  >
>>>  > --
>>>  > -
>>>  > Noble Paul
>>>  >
>>>  > -
>>>  > To unsubscribe, %-mail: dev-unsubscr...@lucene.apache.org
>>>  > For additional commands, e-mail: dev-h...@lucene.apache.org
>>>  >
>>> 
>>>  -
>>>  To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>>  For additional commands, e-mail: dev-h...@lucene.apache.org
>>> 
>>> >>>
>>>
>>>
>>> --
>>> -
>>> Noble Paul
>>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>> For additional commands, e-mail: dev-h...@lucene.apache.org
>>>
>
>
> --
> Adrien



-- 
-
Noble Paul

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, 

Re: 7.7.3 bugfix release

[Adrien Grand]

FYI I just re-enabled 7.7 builds on the Apache Jenkins.

On Thu, Apr 16, 2020 at 10:17 PM jim ferenczi 
wrote:

> Hi,
>
> Ì merged LUCENE-9300  in
> the 7.7 branch.
>
> > I shall cut the branch in a day or two
>
> I guess you meant create the first BC since the branch is already created
> (branch_7_7) ;)
>
> Thanks,
> Jim
>
>
> Le mer. 15 avr. 2020 à 09:21, Noble Paul  a écrit :
>
>> Hi, Please merge all the required changes to the branch branch_7_7
>>
>> I shall cut the branch in a day or two
>>
>> On Mon, Apr 6, 2020 at 6:14 PM jim ferenczi 
>> wrote:
>> >
>> > Hi Paul,
>> > Ignacio have started the release process for a bug fix release of 8.5.1
>> last week.
>> > We cannot have two releases at the same time so would you agree to
>> start 7.7.3 after 8.5.1 is out ?
>> > I'd also like to backport LUCENE-9300 in 7.7 (the reason why we started
>> a. 8.5.1 release) so don't hesitate if you need help or to delegate the
>> release if you don't have the time at the moment.
>> >
>> > - Jim
>> >
>> >
>> > Le mar. 18 févr. 2020 à 18:35, Houston Putman 
>> a écrit :
>> >>
>> >> I've backported SOLR-13v69. After you add in SOLR-14013 Noble, we
>> should be good to go with 7.7.3 I think.
>> >>
>> >> - Houston
>> >>
>> >> On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl 
>> wrote:
>> >>>
>> >>> Falde alarm, I needed to update my branch :)
>> >>>
>> >>> Jan Høydahl
>> >>>
>> >>> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
>> >>>
>> >>> What commit hash is the backport of SOLR-13971? I cannot find it and
>> there is no CHANGES entry…?
>> >>>
>> >>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <
>> ichattopadhy...@gmail.com>:
>> >>>
>> >>> +1, Houston. That's my understanding as well. Please go ahead with
>> the backport.
>> >>>
>> >>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <
>> houstonput...@gmail.com> wrote:
>> 
>>  It looks like CVE-2019-17558 / SOLR-13971 has already been taken
>> care of:
>> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>> 
>>  So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the
>> description in the JIRA, it looks like backporting
>> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>> should be enough. Is this correct, or am I missing something?
>> 
>>  - HOuston
>> 
>>  On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl 
>> wrote:
>> 
>>  I’m afraid I don’t have the bandwidth the next couple of weeks.
>> 
>>  Jan Høydahl
>> 
>>  > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
>>  >
>>  > Do you wish to backport them?
>>  >
>>  >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <
>> jan@cominvent.com> wrote:
>>  >>
>>  >> According to NVD, there are at least two published CVEs that
>> affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669).
>> We cannot release 7.7.3 with these still present.
>>  >>
>>  >> Jan
>>  >>
>>  >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
>>  >>
>>  >> I'm planning to back port  SOLR-14013 and do a bug fix release
>> soon.
>>  >> Please let me know if there is anything hat you wish to be
>> included
>>  >>
>>  >> --
>>  >> -
>>  >> Noble Paul
>>  >>
>>  >>
>> -
>>  >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>  >> For additional commands, e-mail: dev-h...@lucene.apache.org
>>  >>
>>  >>
>>  >
>>  >
>>  > --
>>  > -
>>  > Noble Paul
>>  >
>>  >
>> -
>>  > To unsubscribe, %-mail: dev-unsubscr...@lucene.apache.org
>>  > For additional commands, e-mail: dev-h...@lucene.apache.org
>>  >
>> 
>>  -
>>  To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>  For additional commands, e-mail: dev-h...@lucene.apache.org
>> 
>> >>>
>>
>>
>> --
>> -
>> Noble Paul
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> For additional commands, e-mail: dev-h...@lucene.apache.org
>>
>>

-- 
Adrien

Re: 7.7.3 bugfix release

[jim ferenczi]

Hi,

Ì merged LUCENE-9300  in
the 7.7 branch.

> I shall cut the branch in a day or two

I guess you meant create the first BC since the branch is already created
(branch_7_7) ;)

Thanks,
Jim


Le mer. 15 avr. 2020 à 09:21, Noble Paul  a écrit :

> Hi, Please merge all the required changes to the branch branch_7_7
>
> I shall cut the branch in a day or two
>
> On Mon, Apr 6, 2020 at 6:14 PM jim ferenczi 
> wrote:
> >
> > Hi Paul,
> > Ignacio have started the release process for a bug fix release of 8.5.1
> last week.
> > We cannot have two releases at the same time so would you agree to start
> 7.7.3 after 8.5.1 is out ?
> > I'd also like to backport LUCENE-9300 in 7.7 (the reason why we started
> a. 8.5.1 release) so don't hesitate if you need help or to delegate the
> release if you don't have the time at the moment.
> >
> > - Jim
> >
> >
> > Le mar. 18 févr. 2020 à 18:35, Houston Putman 
> a écrit :
> >>
> >> I've backported SOLR-13v69. After you add in SOLR-14013 Noble, we
> should be good to go with 7.7.3 I think.
> >>
> >> - Houston
> >>
> >> On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl 
> wrote:
> >>>
> >>> Falde alarm, I needed to update my branch :)
> >>>
> >>> Jan Høydahl
> >>>
> >>> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
> >>>
> >>> What commit hash is the backport of SOLR-13971? I cannot find it and
> there is no CHANGES entry…?
> >>>
> >>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <
> ichattopadhy...@gmail.com>:
> >>>
> >>> +1, Houston. That's my understanding as well. Please go ahead with the
> backport.
> >>>
> >>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, 
> wrote:
> 
>  It looks like CVE-2019-17558 / SOLR-13971 has already been taken care
> of:
> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
> 
>  So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the
> description in the JIRA, it looks like backporting
> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
> should be enough. Is this correct, or am I missing something?
> 
>  - HOuston
> 
>  On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl 
> wrote:
> 
>  I’m afraid I don’t have the bandwidth the next couple of weeks.
> 
>  Jan Høydahl
> 
>  > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
>  >
>  > Do you wish to backport them?
>  >
>  >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl 
> wrote:
>  >>
>  >> According to NVD, there are at least two published CVEs that
> affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669).
> We cannot release 7.7.3 with these still present.
>  >>
>  >> Jan
>  >>
>  >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
>  >>
>  >> I'm planning to back port  SOLR-14013 and do a bug fix release
> soon.
>  >> Please let me know if there is anything hat you wish to be included
>  >>
>  >> --
>  >> -
>  >> Noble Paul
>  >>
>  >>
> -
>  >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>  >> For additional commands, e-mail: dev-h...@lucene.apache.org
>  >>
>  >>
>  >
>  >
>  > --
>  > -
>  > Noble Paul
>  >
>  >
> -
>  > To unsubscribe, %-mail: dev-unsubscr...@lucene.apache.org
>  > For additional commands, e-mail: dev-h...@lucene.apache.org
>  >
> 
>  -
>  To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>  For additional commands, e-mail: dev-h...@lucene.apache.org
> 
> >>>
>
>
> --
> -
> Noble Paul
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
>
>

Re: 7.7.3 bugfix release

[Noble Paul]

Hi, Please merge all the required changes to the branch branch_7_7

I shall cut the branch in a day or two

On Mon, Apr 6, 2020 at 6:14 PM jim ferenczi  wrote:
>
> Hi Paul,
> Ignacio have started the release process for a bug fix release of 8.5.1 last 
> week.
> We cannot have two releases at the same time so would you agree to start 
> 7.7.3 after 8.5.1 is out ?
> I'd also like to backport LUCENE-9300 in 7.7 (the reason why we started a. 
> 8.5.1 release) so don't hesitate if you need help or to delegate the release 
> if you don't have the time at the moment.
>
> - Jim
>
>
> Le mar. 18 févr. 2020 à 18:35, Houston Putman  a 
> écrit :
>>
>> I've backported SOLR-13v69. After you add in SOLR-14013 Noble, we should be 
>> good to go with 7.7.3 I think.
>>
>> - Houston
>>
>> On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl  wrote:
>>>
>>> Falde alarm, I needed to update my branch :)
>>>
>>> Jan Høydahl
>>>
>>> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
>>>
>>> What commit hash is the backport of SOLR-13971? I cannot find it and there 
>>> is no CHANGES entry…?
>>>
>>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya 
>>> :
>>>
>>> +1, Houston. That's my understanding as well. Please go ahead with the 
>>> backport.
>>>
>>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman,  
>>> wrote:

 It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: 
 https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356

 So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the 
 description in the JIRA, it looks like backporting 
 https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
  should be enough. Is this correct, or am I missing something?

 - HOuston

 On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl  wrote:

 I’m afraid I don’t have the bandwidth the next couple of weeks.

 Jan Høydahl

 > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
 >
 > Do you wish to backport them?
 >
 >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl  
 >> wrote:
 >>
 >> According to NVD, there are at least two published CVEs that affects 
 >> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We 
 >> cannot release 7.7.3 with these still present.
 >>
 >> Jan
 >>
 >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
 >>
 >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
 >> Please let me know if there is anything hat you wish to be included
 >>
 >> --
 >> -
 >> Noble Paul
 >>
 >> -
 >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
 >> For additional commands, e-mail: dev-h...@lucene.apache.org
 >>
 >>
 >
 >
 > --
 > -
 > Noble Paul
 >
 > -
 > To unsubscribe, %-mail: dev-unsubscr...@lucene.apache.org
 > For additional commands, e-mail: dev-h...@lucene.apache.org
 >

 -
 To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
 For additional commands, e-mail: dev-h...@lucene.apache.org

>>>


-- 
-
Noble Paul

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Re: 7.7.3 bugfix release

[jim ferenczi]

Hi Paul,
Ignacio have started the release process for a bug fix release of 8.5.1
last week.
We cannot have two releases at the same time so would you agree to start
7.7.3 after 8.5.1 is out ?
I'd also like to backport LUCENE-9300 in 7.7 (the reason why we started a.
8.5.1 release) so don't hesitate if you need help or to delegate the
release if you don't have the time at the moment.

- Jim


Le mar. 18 févr. 2020 à 18:35, Houston Putman  a
écrit :

> I've backported SOLR-13v69
> . After you add in
> SOLR-14013 Noble, we should be good to go with 7.7.3 I think.
>
> - Houston
>
> On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl  wrote:
>
>> Falde alarm, I needed to update my branch :)
>>
>> Jan Høydahl
>>
>> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
>>
>> What commit hash is the backport of SOLR-13971? I cannot find it and
>> there is no CHANGES entry…?
>>
>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <
>> ichattopadhy...@gmail.com>:
>>
>> +1, Houston. That's my understanding as well. Please go ahead with the
>> backport.
>>
>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, 
>> wrote:
>>
>>> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care
>>> of:
>>> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>>>
>>> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the
>>> description in the JIRA, it looks like backporting
>>> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>>> 
>>>  should
>>> be enough. Is this correct, or am I missing something?
>>>
>>> - HOuston
>>>
>>> On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl 
>>> wrote:
>>>
>>> I’m afraid I don’t have the bandwidth the next couple of weeks.
>>>
>>> Jan Høydahl
>>>
>>> > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
>>> >
>>> > Do you wish to backport them?
>>> >
>>> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl 
>>> wrote:
>>> >>
>>> >> According to NVD, there are at least two published CVEs that affects
>>> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We
>>> cannot release 7.7.3 with these still present.
>>> >>
>>> >> Jan
>>> >>
>>> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul >> >:
>>> >>
>>> >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>>> >> Please let me know if there is anything hat you wish to be included
>>> >>
>>> >> --
>>> >> -
>>> >> Noble Paul
>>> >>
>>> >> -
>>> >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>> >> For additional commands, e-mail: dev-h...@lucene.apache.org
>>> >>
>>> >>
>>> >
>>> >
>>> > --
>>> > -
>>> > Noble Paul
>>> >
>>> > -
>>> > To unsubscribe, %-mail: dev-unsubscr...@lucene.apache.org
>>> > For additional commands, e-mail: dev-h...@lucene.apache.org
>>> >
>>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>> For additional commands, e-mail: dev-h...@lucene.apache.org
>>>
>>>
>>

Re: 7.7.3 bugfix release

[Houston Putman]

I've backported SOLR-13669
. After you add in
SOLR-14013 Noble, we should be good to go with 7.7.3 I think.

- Houston

On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl  wrote:

> Falde alarm, I needed to update my branch :)
>
> Jan Høydahl
>
> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
>
> What commit hash is the backport of SOLR-13971? I cannot find it and
> there is no CHANGES entry…?
>
> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <
> ichattopadhy...@gmail.com>:
>
> +1, Houston. That's my understanding as well. Please go ahead with the
> backport.
>
> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, 
> wrote:
>
>> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of:
>> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>>
>> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the
>> description in the JIRA, it looks like backporting
>> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>>  should
>> be enough. Is this correct, or am I missing something?
>>
>> - HOuston
>>
>> On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl 
>> wrote:
>>
>>> I’m afraid I don’t have the bandwidth the next couple of weeks.
>>>
>>> Jan Høydahl
>>>
>>> > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
>>> >
>>> > Do you wish to backport them?
>>> >
>>> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl 
>>> wrote:
>>> >>
>>> >> According to NVD, there are at least two published CVEs that affects
>>> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We
>>> cannot release 7.7.3 with these still present.
>>> >>
>>> >> Jan
>>> >>
>>> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
>>> >>
>>> >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>>> >> Please let me know if there is anything hat you wish to be included
>>> >>
>>> >> --
>>> >> m
>>> >> Noble Paul
>>> >>
>>> >> -
>>> >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>> >> For additional commands, e-mail: dev-h...@lucene.apache.org
>>> >>
>>> >>
>>> >
>>> >
>>> > --
>>> > -
>>> > Noble Paul
>>> >
>>> > -
>>> > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>> > For additional commands, e-mail: dev-h...@lucene.apache.org
>>> >
>>>
>>> -
>>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>>> For additional com-ands, e-mail: d%v-h...@lucene.apache.org
>>>
>>>
>

Re: 7.7.3 bugfix release

[Jan Høydahl]

Falde alarm, I needed to update my branch :)

Jan Høydahl

> 14. feb. 2020 kl. 19:11 skrev Jan Høydahl :
> 
> What commit hash is the backport of SOLR-13971? I cannot find it and there 
> is no CHANGES entry…?
> 
>> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya 
>> :
>> 
>> +1, Houston. That's my understanding as well. Please go ahead with the 
>> backport.
>> 
>>> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman,  
>>> wrote:
>>> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: 
>>> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>>> 
>>> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the 
>>> description in the JIRA, it looks like backporting 
>>> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>>>  should be enough. Is this correct, or am I missing something?
>>> 
>>> - HOuston
>>> 
 On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl  wrote:
 I’m afraid I don’t have the bandwidth the next couple of weeks.
 
 Jan Høydahl
 
 > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
 > 
 > Do you wish to backport them?
 > 
 >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl  
 >> wrote:
 >> 
 >> According to NVD, there are at least two published CVEs that affects 
 >> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We 
 >> cannot release 7.7.3 with these still present.
 >> 
 >> Jan
 >> 
 >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
 >> 
 >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
 >> Please let me know if there is anything hat you wish to be included
 >> 
 >> --
 >> -
 >> Noble Paul
 >> 
 >> -
 >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
 >> For additional commands, e-mail: dev-h...@lucene.apache.org
 >> 
 >> 
 > 
 > 
 > -- 
 > -
 > Noble Paul
 > 
 > -
 > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
 > For additional commands, e-mail: dev-h...@lucene.apache.org
 > 
 
 -
 To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
 For additional commands, e-mail: dev-h...@lucene.apache.org
 
> 

Re: 7.7.3 bugfix release

[Jan Høydahl]

What commit hash is the backport of SOLR-13971? I cannot find it and there is 
no CHANGES entry…?

> 14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya 
> :
> 
> +1, Houston. That's my understanding as well. Please go ahead with the 
> backport.
> 
> On Fri, 14 Feb, 2020, 9:02 PM Houston Putman,  > wrote:
> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: 
> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>  
> 
> 
> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the 
> description in the JIRA, it looks like backporting 
> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>  
> 
>  should be enough. Is this correct, or am I missing something?
> 
> - HOuston
> 
> On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl  > wrote:
> I’m afraid I don’t have the bandwidth the next couple of weeks.
> 
> Jan Høydahl
> 
> > 13. feb. 2020 kl. 16:27 skrev Noble Paul  > >:
> > 
> > Do you wish to backport them?
> > 
> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl  >> > wrote:
> >> 
> >> According to NVD, there are at least two published CVEs that affects 7.7.2 
> >> (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot 
> >> release 7.7.3 with these still present.
> >> 
> >> Jan
> >> 
> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul  >> >:
> >> 
> >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
> >> Please let me know if there is anything hat you wish to be included
> >> 
> >> --
> >> -
> >> Noble Paul
> >> 
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org 
> >> 
> >> For additional commands, e-mail: dev-h...@lucene.apache.org 
> >> 
> >> 
> >> 
> > 
> > 
> > -- 
> > -
> > Noble Paul
> > 
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org 
> > 
> > For additional commands, e-mail: dev-h...@lucene.apache.org 
> > 
> > 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org 
> 
> For additional commands, e-mail: dev-h...@lucene.apache.org 
> 
> 

Re: 7.7.3 bugfix release

[Ishan Chattopadhyaya]

+1, Houston. That's my understanding as well. Please go ahead with the
backport.

On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, 
wrote:

> It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of:
> https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356
>
> So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the
> description in the JIRA, it looks like backporting
> https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
>  should
> be enough. Is this correct, or am I missing something?
>
> - HOuston
>
> On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl 
> wrote:
>
>> I’m afraid I don’t have the bandwidth the next couple of weeks.
>>
>> Jan Høydahl
>>
>> > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
>> >
>> > Do you wish to backport them?
>> >
>> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl 
>> wrote:
>> >>
>> >> According to NVD, there are at least two published CVEs that affects
>> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We
>> cannot release 7.7.3 with these still present.
>> >>
>> >> Jan
>> >>
>> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
>> >>
>> >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> >> Please let me know if there is anything hat you wish to be included
>> >>
>> >> --
>> >> -
>> >> Noble Paul
>> >>
>> >> -
>> >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> >> For additional commands, e-mail: dev-h...@lucene.apache.org
>> >>
>> >>
>> >
>> >
>> > --
>> > -
>> > Noble Paul
>> >
>> > -
>> > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> > For additional commands, e-mail: dev-h...@lucene.apache.org
>> >
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> For additional commands, e-mail: dev-h...@lucene.apache.org
>>
>>

Re: 7.7.3 bugfix release

[Houston Putman]

It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of:
https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356

So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the
description in the JIRA, it looks like backporting
https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2
should
be enough. Is this correct, or am I missing something?

- HOuston

On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl  wrote:

> I’m afraid I don’t have the bandwidth the next couple of weeks.
>
> Jan Høydahl
>
> > 13. feb. 2020 kl. 16:27 skrev Noble Paul :
> >
> > Do you wish to backport them?
> >
> >> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl 
> wrote:
> >>
> >> According to NVD, there are at least two published CVEs that affects
> 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We
> cannot release 7.7.3 with these still present.
> >>
> >> Jan
> >>
> >> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
> >>
> >> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
> >> Please let me know if there is anything hat you wish to be included
> >>
> >> --
> >> -
> >> Noble Paul
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> >> For additional commands, e-mail: dev-h...@lucene.apache.org
> >>
> >>
> >
> >
> > --
> > -
> > Noble Paul
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> > For additional commands, e-mail: dev-h...@lucene.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
>
>

Re: 7.7.3 bugfix release

[Jan Høydahl]

I’m afraid I don’t have the bandwidth the next couple of weeks.

Jan Høydahl

> 13. feb. 2020 kl. 16:27 skrev Noble Paul :
> 
> Do you wish to backport them?
> 
>> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl  wrote:
>> 
>> According to NVD, there are at least two published CVEs that affects 7.7.2 
>> (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot 
>> release 7.7.3 with these still present.
>> 
>> Jan
>> 
>> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
>> 
>> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> Please let me know if there is anything hat you wish to be included
>> 
>> --
>> -
>> Noble Paul
>> 
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
>> For additional commands, e-mail: dev-h...@lucene.apache.org
>> 
>> 
> 
> 
> -- 
> -
> Noble Paul
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
> 

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Re: 7.7.3 bugfix release

[Noble Paul]

Do you wish to backport them?

On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl  wrote:
>
> According to NVD, there are at least two published CVEs that affects 7.7.2 
> (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot 
> release 7.7.3 with these still present.
>
> Jan
>
> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
>
> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
> Please let me know if there is anything hat you wish to be included
>
> --
> -
> Noble Paul
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
>
>


-- 
-
Noble Paul

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Re: 7.7.3 bugfix release

[Jan Høydahl]

According to NVD, there are at least two published CVEs 

 that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / 
SOLR-13669). We cannot release 7.7.3 with these still present.

Jan

> 13. feb. 2020 kl. 06:42 skrev Noble Paul :
> 
> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
> Please let me know if there is anything hat you wish to be included
> 
> -- 
> -
> Noble Paul
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
> For additional commands, e-mail: dev-h...@lucene.apache.org
> 

7.7.3 bugfix release

[Noble Paul]

I'm planning to back port  SOLR-14013 and do a bug fix release soon.
Please let me know if there is anything hat you wish to be included

-- 
-
Noble Paul

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org