[OFBIZ-12898] [SECURITY] In Solr fixe NPE in FieldLengthFeature with non-stored/missing fields. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Upcoming Branch
Fix Version/s: Upcoming Branch
Component/s: lucene, solr
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

~~It's not a CVE, no backport needed~~. For details, see
https://lucene.apache.org/core/8_11_3/changes/Changes.html

Actually few hours later Solr announced 4 CVEs:
https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies
https://solr.staged.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
https://solr.staged.apache.org/security.html#cve-2023-50292-apache-solr-schema-designer-blindly-trusts-all-configsets-possibly-leading-to-rce-by-unauthenticated-users

Attachments

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Feb/24 16:13

Updated:: 29/Feb/24 08:03

Resolved:: 09/Feb/24 16:14