[MGNLEESOLR-229] Remove forced update dependencies when CVEs are fixed by solrj Created: 19/Oct/23 Updated: 23/Oct/23 |
|
| Status: | Open |
| Project: | Solr Search Provider |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Anh Vu | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoR: |
Empty
|
| Epic Link: | DevX Bucket |
| Team: |
| Description |
|
Currently we force update snappy-java, jetty and zookeeper libs brought by solrj to avoid security vulnerabilities. Details for the fixed CVE: MGNLEESOLR-192 jetty-http-9.4.44.v20210927: CVE-2022-2047 MGNLEESOLR-197 snappy-java: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
snappy-java-1.1.10.1.jar: CVE-2023-43642 MGNLEESOLR-224 zookeeper-3.6.2.jar: CVE-2023-44981 |