Mailing List Archive

CVEs reported in Solr 8.11.2
Hey Team,

Greetings for the day. This is Praveen from Acquia - one of your Solr
customers.
We recently ran an ORCA scan on our Solr instances and got to know of
several vulnerabilities in Lucene 8.11.2. I couldn't find any tickets
regarding the vulnerability reported in bcprov-jdk15on-1.69.jar (1.69):
org.bouncycastle:bcprov-jdk15on library in your issue tracker
<https://issues.apache.org/jira/>.
I want to raise a ticket for this. Kindly help me with the process to do so.

Thanks and regards,
Praveen Kamath
Staff Engineer, Acquia
Re: CVEs reported in Solr 8.11.2
Hello Praveen,
IIRC this jar is used only by the Tika (Solr Cell) module, which is disabled by
default. So, it's up to the user to turn on this vulnerability.

On Mon, Jan 8, 2024 at 9:55 AM Praveen Kamath <praveen.kamath@acquia.com>
wrote:

> Hey Team,
>
> Greetings for the day. This is Praveen from Acquia - one of your Solr
> customers.
> We recently ran an ORCA scan on our Solr instances and got to know of
> several vulnerabilities in Lucene 8.11.2. I couldn't find any tickets
> regarding the vulnerability reported in bcprov-jdk15on-1.69.jar (1.69):
> org.bouncycastle:bcprov-jdk15on library in your issue tracker
> <https://issues.apache.org/jira/>.
> I want to raise a ticket for this. Kindly help me with the process to do
> so.
>
> Thanks and regards,
> Praveen Kamath
> Staff Engineer, Acquia
>


--
Sincerely yours
Mikhail Khludnev
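
The reply above ties exposure to whether Solr Cell is turned on. The following is an added example, not part of the thread or of Solr's code: a check that parses a core's solrconfig.xml and reports whether Solr Cell is wired in. It assumes the usual wiring (a `<lib>` directive pointing at `contrib/extraction` and a request handler of class `ExtractingRequestHandler`); the function name and both sample configs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: Solr Cell is enabled through solrconfig.xml by loading the
# contrib/extraction jars and registering the ExtractingRequestHandler.
EXTRACT_CLASSES = {
    "solr.extraction.ExtractingRequestHandler",
    "org.apache.solr.handler.extraction.ExtractingRequestHandler",
}
EXTRACT_LIB = re.compile(r"contrib[/\\]extraction")


def solr_cell_findings(solrconfig_xml):
    """Return a list of findings showing that Solr Cell is enabled."""
    # A real XML parse skips commented-out directives, which a plain
    # text search for "extraction" would wrongly report.
    root = ET.fromstring(solrconfig_xml)
    findings = []
    for lib in root.iter("lib"):
        target = lib.get("dir") or lib.get("path") or ""
        if EXTRACT_LIB.search(target):
            findings.append("lib loads extraction jars: " + target)
    for handler in root.iter("requestHandler"):
        if handler.get("class") in EXTRACT_CLASSES:
            findings.append("handler %s uses %s"
                            % (handler.get("name"), handler.get("class")))
    return findings


# Constructed sample: extraction directives present only as a comment.
DISABLED = r"""<config>
  <!-- <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib" regex=".*\.jar" /> -->
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""

# Constructed sample: Solr Cell explicitly enabled.
ENABLED = r"""<config>
  <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib" regex=".*\.jar" />
  <requestHandler name="/update/extract" class="solr.extraction.ExtractingRequestHandler"/>
</config>"""

if __name__ == "__main__":
    for label, cfg in (("disabled", DISABLED), ("enabled", ENABLED)):
        print(label, solr_cell_findings(cfg))
```

An empty result covers only this one config file; jars loaded by other means (for example a shared lib directory) are outside what it inspects, and a file-based scanner will still flag the jar on disk either way.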