Hello,

I have been a Solr user for quite some time, but I have never participated in these mailing lists nor contributed to the project, so sorry about that.

In our project, we are using Apache Solr 8.11.3, and we have been told about some vulnerabilities affecting a library included in this version (*Hadoop* v3.2.4): CVE-2024-23454 <https://nvd.nist.gov/vuln/detail/cve-2024-23454> and EOL <https://endoflife.date/apache-hadoop>.

We have checked, and the last Solr v8.x version (8.11.4), which solves other critical vulnerabilities (CVE-2024-45217 <https://nvd.nist.gov/vuln/detail/CVE-2024-45217>, CVE-2024-45216 <https://nvd.nist.gov/vuln/detail/CVE-2024-45216>), still uses this version of *Hadoop*, but we have not found anything about it in Jira, so we have downloaded the sources and directly changed the version number in *./lucene/ivy-versions.properties* to 3.4.0. After that, we have built the project and deployed it, and everything seems to be working fine so far.

Could you please consider applying this change for the next Solr 8.x release?

Thank you very much.

Best,
Octavio González Luna
Software Architect
Tel.: +34 954 51 75 77