[CVE-2019-17558] Apache Solr RCE through VelocityResponseWriter
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: 5.0.0 to 8.3.1
Description:
The affected versions are vulnerable to a Remote Code Execution through the
VelocityResponseWriter. A Velocity template can be

Hi
I propose a quick 8.4.1 bugfix release and I volunteer as RM.
I plan to build RC1 on Monday January 6th, one week from now.
Feel free to merge bug fixes to branch_8_4, just drop a word here.
As usual, do NOT merge features or large changes that risk the stability of the
release.
Minor
These Ref Guide build failures are happening because apparently the rvm.io
domain got parked when the certificate expired (today), and we use it to
download the Ruby gems the build needs.
The maintainer is working on it
(https://twitter.com/mpapis/status/1211657656676618241) but it’s not clear

@lucene.experimental I want to draw some attention to a change coming in
LUCENE-9093 relating to the UnifiedHighlighter and how it sizes Passages.
I'll link to the pertinent summary comment:

Here’s the last 4 weeks’ failures:
There were 1287 unannotated tests that failed in Hoss' rollups. Ordered by the
date I downloaded the rollup file, newest->oldest. See above for the dates the
files were collected
These tests were NOT BadApple'd or AwaitsFix'd
All tests that failed 4 weeks