Hi All,

Recently, due to the log4j vulnerability, our security team warned us of
"CVE-2020-13941", which was reported sometime in 2020. Sharing some details
on the CVE:

"Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public),
released in Solr version 8.6.0. The Replication handler
(https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler)
allows the commands backup, restore and deleteBackup. Each of these takes a
location parameter, which was not validated, i.e. you could read/write to
any location the solr user can access."

The fix has been provided in Solr 8.6; however, we can't currently be in a
position to either upgrade to 8.6 or lock down our Solr instances.
My team is using Solr 6.4.2 in production and would appreciate a quick fix
or patch to fix this problem.
Does anyone have any ideas?

Thanks,
Rashi
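Added worked example (not part of the thread above, and not Solr's own code from SOLR-14561): the CVE text says the `location` parameter of the backup/restore/deleteBackup commands was passed through unvalidated. The check that was missing is a canonical-path containment test, i.e. resolve the requested location (following `..` and symlinks) and accept it only if it lands inside a configured allowlist of base directories. The Python below implements that test and applies it to a replication-handler query string; the allowlist directory `/var/solr/backups`, the helper names and the sample query strings are all constructed for illustration.

```python
from pathlib import Path
from urllib.parse import parse_qs

# Constructed allowlist: directories a backup/restore "location" may resolve into.
# Hypothetical value; an operator would substitute their own backup base dirs.
ALLOWED_BASE_DIRS = ["/var/solr/backups"]

# The three ReplicationHandler commands named in the CVE text.
LOCATION_COMMANDS = {"backup", "restore", "deletebackup"}


def is_location_allowed(location: str, allowed_bases=ALLOWED_BASE_DIRS) -> bool:
    """True only if `location` canonicalises to a path inside an allowed base dir.

    Path.resolve() collapses '..' components and follows symlinks, so a value
    such as '/var/solr/backups/../../../etc' is judged on where it really
    points, not on its textual prefix.  strict=False lets not-yet-created
    backup directories pass through resolution.
    """
    if not location:
        return False
    try:
        resolved = Path(location).resolve(strict=False)
    except (OSError, RuntimeError):
        return False
    for base in allowed_bases:
        base_resolved = Path(base).resolve(strict=False)
        # Equality handles location == base; the parents check handles
        # descendants while rejecting siblings like '/var/solr/backups-other'
        # that a plain string startswith() test would wrongly accept.
        if resolved == base_resolved or base_resolved in resolved.parents:
            return True
    return False


def check_replication_query(query_string: str) -> bool:
    """Decide whether a /replication request should be passed to Solr.

    Commands other than backup/restore/deleteBackup are unaffected by the
    CVE and are allowed.  For the three affected commands, an explicit
    `location` must satisfy is_location_allowed(); a request without a
    location is left to Solr's own default handling.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    command = params.get("command", [""])[0].lower()
    if command not in LOCATION_COMMANDS:
        return True
    location = params.get("location", [None])[0]
    if location is None:
        return True
    return is_location_allowed(location)


if __name__ == "__main__":
    # Constructed sample requests, in the form the ReplicationHandler accepts.
    samples = [
        "command=details",
        "command=backup&name=snap1&location=/var/solr/backups/2021-12-20",
        "command=restore&name=snap1&location=/var/solr/backups/../../../etc",
        "command=deleteBackup&name=snap1&location=/var/solr/backups-other",
    ]
    for q in samples:
        print(f"{'ALLOW' if check_replication_query(q) else 'DENY ':5} {q}")
```

The same containment test is what a reverse proxy or servlet filter in front of an unpatchable 6.x instance would need to apply before forwarding `/replication` requests; the key point is to decide on the resolved path, never on a string prefix.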
