Control: severity -1 important
Hi,
Thanks for the report!
On 02:03 Mon 26 Jun , Barnabas Bona wrote:
> Package: dovecot-solr
> Version: 1:2.2.27-3
> Severity: normal
> Tags: patch
>
> Hi,
>
> unfortunately in dovecot 2.2.27 there is a known bug (introduced with commit
> f3b0efdcbd0bd9059574c8f86d6cb43e16c8e521)
> in the solr query construction code, which includes unescaped {} characters
> in the query string. As this violates
> the RFC 3986, solr reject the query, making the whole FTS defunct.
>
> I think this bug should be considered as severe, as it renders the whole
> package unusable.
Well, it doesn't render dovecot unusable, just dovecot-solr. Also the
bug has been there since 2.2.22 (with many users using the backports
version), only to be noticed and fixed upstream in 2.2.28.
Of course that doesn't mean we should not fix it, I just don't consider
it grave or serious. I'll prepare a stable update fixing this (and
probably more) for Stretch.
Thanks,
Apollon
