This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/trunk by this push:
new a02c8ba Fixed: Update Solr and Lucene to address several CVEs
(including Log4j) (OFBIZ-12464)
a02c8ba is described below
commit a02c8ba35043b2ca83635977b858fe18a6ddeba8
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri Dec 17 05:14:19 2021 +0100
Fixed: Update Solr and Lucene to address several CVEs (including Log4j)
(OFBIZ-12464)
Solr is not yet available on Maven :/
We will also need to update Tika, and I guess the list will continue...
---
lucene/build.gradle | 11 ++++++-----
.../java/org/apache/ofbiz/content/search/SearchWorker.java | 2 +-
solr/build.gradle | 7 ++++---
solr/home/solrdefault/conf/solrconfig.xml | 2 +-
4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/lucene/build.gradle b/lucene/build.gradle
index 406289d..d905758 100644
--- a/lucene/build.gradle
+++ b/lucene/build.gradle
@@ -17,9 +17,10 @@
* under the License.
*/
dependencies {
- // Remember to change the version LUCENE_VERSION in SearchWorker class
when upgrading.
- // Also Solr et Lucene should use the same version, luceneMatchVersion
should be updated in solrconfig.xml
- pluginLibsCompile 'org.apache.lucene:lucene-core:8.11.1'
- pluginLibsCompile 'org.apache.lucene:lucene-queryparser:8.11.1'
- pluginLibsCompile 'org.apache.lucene:lucene-analyzers-common:8.11.1'
+ // 1. Remember to change the version LUCENE_VERSION in SearchWorker class
when upgrading.
+ // 2. luceneMatchVersion should be updated in solrconfig.xml
+ // 3. Also Solr et Lucene should use the same version,
+ pluginLibsCompile 'org.apache.lucene:lucene-core:8.11.0'
+ pluginLibsCompile 'org.apache.lucene:lucene-queryparser:8.11.0'
+ pluginLibsCompile 'org.apache.lucene:lucene-analyzers-common:8.11.0'
}
diff --git
a/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java
b/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java
index 41d2d69..6275e5a 100644
--- a/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java
+++ b/lucene/src/main/java/org/apache/ofbiz/content/search/SearchWorker.java
@@ -41,7 +41,7 @@ public final class SearchWorker {
private static final String MODULE = SearchWorker.class.getName();
- private static final Version LUCENE_VERSION = Version.LUCENE_8_11_1;
+ private static final Version LUCENE_VERSION = Version.LUCENE_8_11_0;
private SearchWorker() { }
diff --git a/solr/build.gradle b/solr/build.gradle
index 7e57866..a97cc78 100644
--- a/solr/build.gradle
+++ b/solr/build.gradle
@@ -17,9 +17,10 @@
* under the License.
*/
dependencies {
- // Remember to change the version LUCENE_VERSION in SearchWorker class
when upgrading.
- // Also Solr et Lucene should use the same version, luceneMatchVersion
should be updated in solrconfig.xml
- pluginLibsCompile 'org.apache.solr:solr-core:8.11.1'
+ // 1. Remember to change the version LUCENE_VERSION in SearchWorker class
when upgrading.
+ // 2. luceneMatchVersion should be updated in solrconfig.xml
+ // 3. Also Solr et Lucene should use the same version,
+ pluginLibsCompile 'org.apache.solr:solr-core:8.11.0'
pluginLibsCompile 'com.google.guava:guava:28.0-jre'
}
diff --git a/solr/home/solrdefault/conf/solrconfig.xml
b/solr/home/solrdefault/conf/solrconfig.xml
index b9e8e06..f597685 100644
--- a/solr/home/solrdefault/conf/solrconfig.xml
+++ b/solr/home/solrdefault/conf/solrconfig.xml
@@ -35,7 +35,7 @@
that you fully re-index after changing this setting as it can
affect both how text is indexed and queried.
-->
- <luceneMatchVersion>8.11.1</luceneMatchVersion>
+ <luceneMatchVersion>8.11.0</luceneMatchVersion>
<!-- <lib/> directives can be used to instruct Solr to load any Jars
identified and use them to resolve any "plugins" specified in
