(Resending to the list. Sorry, Rick.)
FYI, my client was using 8.3.1, which should have mitigated the attack.
But the server was suffering a sudden death of the Solr process, and the log
showed it was being attacked using CVE-2019-17558.
We blocked the external access of Solr API. Then this su
Thanks Shawn.
On Fri, Feb 12, 2021 at 7:43 PM Shawn Heisey wrote:
> On 2/12/2021 11:17 AM, Rick Tham wrote:
> > I am trying to figure out if the following is an additioanal valid
> > mitigation step for CVE-2019-17558 on SOLR 6.1. None of our
> solrconfig.xml
> > contains the lib references to t
On 2/12/2021 11:17 AM, Rick Tham wrote:
I am trying to figure out if the following is an additioanal valid
mitigation step for CVE-2019-17558 on SOLR 6.1. None of our solrconfig.xml
contains the lib references to the velocity jar files as follows:
l
It doesn't appear that you can add these jar
