Details
Task
Resolution: Unresolved
Neutral
Description
Currently we force-update the snappy-java, jetty and zookeeper libs brought in by solrj to avoid security vulnerabilities.
This should be removed when the security vulnerabilities are fixed by a new solrj version.
For now, the latest 8.x version of solrj, 8.11.2, has not fixed the issues yet.
Details for the fixed CVEs:
MGNLEESOLR-192 jetty-http-9.4.44.v20210927: CVE-2022-2047
MGNLEESOLR-197 snappy-java: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
MGNLEESOLR-219
  jetty:
    http2-client-9.4.51.v20230217.jar: CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
    jetty-io-9.4.51.v20230217.jar: CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
    http2-common-9.4.52.v20230823.jar: CVE-2023-44487
  snappy-java-1.1.10.1.jar: CVE-2023-43642
MGNLEESOLR-224 zookeeper-3.6.2.jar: CVE-2023-44981