Bug 1179795 (CVE-2014-3628)
| Summary: | CVE-2014-3628 solr: Cross-site scripting (XSS) vulnerability via the fieldvaluecache object | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | java-sig-commits, jrusnack, puntogil |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Apache Solr 4.10.3 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-01-12 20:36:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1179814 | ||
|
Description
Vasyl Kaigorodov
2015-01-07 15:08:18 UTC
Solr 4.10.3 will be updated soon, are waiting to be able to fill. because requires Lucene 4.10.3. I do not know if it will be possible to upgrade it for F21 since Lucene is a dependency of eclipse. Close this bug (In reply to gil cattaneo from comment #1) > Solr 4.10.3 will be updated soon, are waiting to be able to fill. because > requires Lucene 4.10.3. I do not know if it will be possible to upgrade it > for F21 since Lucene is a dependency of eclipse. > Close this bug Thanks for the comment, marked Fedora versions as "notaffected". This bug should be opened though, Solr is shipped in other Red Hat products and we need to check if these are affected or not. Please don't close this bug. |