Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

2019-01-11 Thread Bob Hathaway
On 1/3/2019 11:15 AM, Bob Hathaway wrote:
> We want to use SOLR v7 but Sonatype scans past v6.5 show dozens of
> critical and severe security issues and dozens of licensing issues. None of t

Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

2019-01-04 Thread Bob Hathaway
s the most critical issue with Solr 7.6 at Level 9.1 in this year's CVSS 3.0. These changes need to be tracked and updates and fixes incorporated into new Solr versions.
https://nvd.nist.gov/vuln/detail/CVE-2015-1832
On Thu, Jan 3, 2019 at 12:19 PM Bob Hathaway wrote:
> Critical a

Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

2019-01-03 Thread Bob Hathaway
-7656 org.eclipse.jetty : jetty-http : 9.3.20.v20170531 Open
CVE-2012-0881 xerces : xercesImpl : 2.9.1 Open
CVE-2013-4002 xerces : xercesImpl : 2.9.1 Open
On Thu, Jan 3, 2019 at 12:15 PM Bob Hathaway wrote:
> We want to use SOLR v7 but Sonatype scans past v6.5 show dozens of
> critic

SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

2019-01-03 Thread Bob Hathaway
We want to use SOLR v7 but Sonatype scans past v6.5 show dozens of critical and severe security issues and dozens of licensing issues. The critical security violations using Sonatype are inline and are indexed with codes from the National Vulnerability Database. Are there recommended steps for run