Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13208

Update dom4j in solr package due to security vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 7.6, 8.0
    • None
    • Server
    • None

    Description

      The Solr package contains dom4j-1.6.1 in the server webapp component in server/solr-webapp/webapp/WEB-INF/lib/dom4j-1.6.1.jar

      Please can you upgrade dom4j-1.6.1 due to open security vulnerability to 2.1.1+.

      If you need the CVE number, let me know.

       

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. SOLR-13113 CVE-2018-1000632 Threat Level 7 Against Solr v7.6. dom4j : dom4j : 1.6.1. dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute ...

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-13342 Remove dom4j from Solr

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              dawinter DW
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: