Re: CVE-2017-7525 fix for Solr 7.7.x

2019-12-19 Thread Mehai, Lotfi
Kevin & Colvin, thanks for this detailed response.

Lotfi

On Thu, Dec 19, 2019 at 11:59 AM Colvin Cowie wrote:
> Sorry, in Solr 8 and master there are some additional users of Jackson. But they still don't appear to use default typing or unrestricted subtypes.
>
> > On Thu, 19 Dec 2019 at 16:5

Re: CVE-2017-7525 fix for Solr 7.7.x

2019-12-19 Thread Colvin Cowie
Sorry, in Solr 8 and master there are some additional users of Jackson. But they still don't appear to use default typing or unrestricted subtypes.

On Thu, 19 Dec 2019 at 16:50, Colvin Cowie wrote:
> Hi,
>
> We've got users on Solr 6 (and use Jackson ourselves), so I had a look at this CVE an

Re: CVE-2017-7525 fix for Solr 7.7.x

2019-12-19 Thread Colvin Cowie
Hi,

We've got users on Solr 6 (and use Jackson ourselves), so I had a look at this CVE and related Jackson exploits, to see whether they are actually exploitable in Solr.

- What parts of Solr actually use Jackson (I thought noggit was used for the JSON de/serialization)?
- Do any of the

Re: CVE-2017-7525 fix for Solr 7.7.x

2019-12-18 Thread Kevin Risden
There are no specific plans for any 7.x branch releases that I'm aware of. Specifically for SOLR-13110, that required upgrading Hadoop 2.x to 3.x for specifically jackson-mapper-asl and there are no plans to backport that to 7.x even if there were a future 7.x release.

Kevin Risden

On Wed, Dec 18