The JIRA issues are now publicly viewable:
https://issues.apache.org/jira/browse/SOLR-11482
https://issues.apache.org/jira/browse/SOLR-11477
On Wed, Oct 18, 2017 at 4:49 AM, Ishan Chattopadhyaya
wrote:
> There will be a 5.5.5 release soon. 6.6.2 has just been
There will be a 5.5.5 release soon. 6.6.2 has just been released.
On Mon, Oct 16, 2017 at 8:17 PM, Keith L wrote:
> Additionally, it looks like the commits are public on github. Is this
> backported to 5.5.x too? Users that are still on 5x might want to backport
> some of
Additionally, it looks like the commits are public on github. Is this
backported to 5.5.x too? Users that are still on 5x might want to backport
some of the issues themselves since is not officially supported anymore.
On Mon, Oct 16, 2017 at 10:11 AM Mike Drob wrote:
> Given
Given that the already public nature of the disclosure, does it make sense
to make the work being done public prior to release as well?
Normally security fixes are kept private while the vulnerabilities are
private, but that's not the case here...
On Mon, Oct 16, 2017 at 1:20 AM, Shalin Shekhar
Yes, there is but it is private i.e. only the Apache Lucene PMC
members can see it. This is standard for all security issues in Apache
land. The fixes for this issue has been applied to the release
branches and the Solr 7.1.0 release candidate is already up for vote.
Barring any unforeseen
Is there a tracking to address this issue for SOLR 6.6.x and 7.x?
https://lucene.apache.org/solr/news.html#12-october-2017-please-secure-your-apache-solr-servers-since-a-zero-day-exploit-has-been-reported-on-a-public-mailing-list
Sean
Confidentiality Notice:: This email, including attachments,