1. There is no Solr support team. This is a mailing list of volunteers using the software. 2. I do not recommend running Solr in a Docker container for production. 3. Please review the Solr Jira for security issues. If you believe that there are security vulnerabilities that need to be fixed, open a Jira issue.
https://issues.apache.org/jira/projects/SOLR/issues/SOLR-14792?filter=allopenissues wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On Dec 11, 2020, at 8:50 AM, Narayanan, Lakshmi > <lakshmi.naraya...@mmc.com.INVALID> wrote: > > Can anyone please advise? > Who else should be notified to get some guidance on this please?? > > Lakshmi Narayanan > Marsh & McLennan Companies > 121 River Street, Hoboken,NJ-07030 > 201-284-3345 > M: 845-300-3809 > Email: lakshmi.naraya...@mmc.com <mailto:lakshmi.naraya...@mmc.com> > > > From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com > <mailto:lakshmi.naraya...@mmc.com>> > Sent: Friday, November 13, 2020 11:21 AM > To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org> > Subject: FW: Vulnerabilities in SOLR 8.6.2 > > This is my 5th attempt in the last 60 days > Is there anyone looking at these mails? > Does anyone care?? L > > > Lakshmi Narayanan > Marsh & McLennan Companies > 121 River Street, Hoboken,NJ-07030 > 201-284-3345 > M: 845-300-3809 > Email: lakshmi.naraya...@mmc.com <mailto:lakshmi.naraya...@mmc.com> > > > From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com > <mailto:lakshmi.naraya...@mmc.com>> > Sent: Thursday, October 22, 2020 1:06 PM > To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org> > Subject: FW: Vulnerabilities in SOLR 8.6.2 > > This is my 4th attempt to contact > Please advise, if there is a build that fixes these vulnerabilities > > Lakshmi Narayanan > Marsh & McLennan Companies > 121 River Street, Hoboken,NJ-07030 > 201-284-3345 > M: 845-300-3809 > Email: lakshmi.naraya...@mmc.com <mailto:lakshmi.naraya...@mmc.com> > > > From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com > <mailto:lakshmi.naraya...@mmc.com>> > Sent: Sunday, October 18, 2020 4:01 PM > To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org> > Subject: FW: Vulnerabilities in SOLR 8.6.2 > > SOLR-User Support team > Is there anyone who can answer my question or can point to someone who can > help > I have not had any response for the past 3 weeks !? > Please advise > > > Lakshmi Narayanan > Marsh & McLennan Companies > 121 River Street, Hoboken,NJ-07030 > 201-284-3345 > M: 845-300-3809 > Email: lakshmi.naraya...@mmc.com <mailto:lakshmi.naraya...@mmc.com> > > > From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com > <mailto:lakshmi.naraya...@mmc.com>> > Sent: Sunday, October 04, 2020 2:11 PM > To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org> > Cc: Chattopadhyay, Salil <salil.chattopadh...@mmc.com > <mailto:salil.chattopadh...@mmc.com>>; Mutnuri, Vishnu D > <vishnu.d.mutn...@mmc.com <mailto:vishnu.d.mutn...@mmc.com>>; Pathak, Omkar > <omkar.pat...@mmc.com <mailto:omkar.pat...@mmc.com>>; Shenouda, Nasir B > <nasir.b.sheno...@mmc.com <mailto:nasir.b.sheno...@mmc.com>> > Subject: RE: Vulnerabilities in SOLR 8.6.2 > > Hello Solr-User Support team > Please advise or provide further guidance on the request below > > Thank you! > > Lakshmi Narayanan > Marsh & McLennan Companies > 121 River Street, Hoboken,NJ-07030 > 201-284-3345 > M: 845-300-3809 > Email: lakshmi.naraya...@mmc.com <mailto:lakshmi.naraya...@mmc.com> > > > From: Narayanan, Lakshmi <lakshmi.naraya...@mmc.com > <mailto:lakshmi.naraya...@mmc.com>> > Sent: Monday, September 28, 2020 1:52 PM > To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org> > Cc: Chattopadhyay, Salil <salil.chattopadh...@mmc.com > <mailto:salil.chattopadh...@mmc.com>>; Mutnuri, Vishnu D > <vishnu.d.mutn...@mmc.com <mailto:vishnu.d.mutn...@mmc.com>>; Pathak, Omkar > <omkar.pat...@mmc.com <mailto:omkar.pat...@mmc.com>>; Shenouda, Nasir B > <nasir.b.sheno...@mmc.com <mailto:nasir.b.sheno...@mmc.com>> > Subject: Vulnerabilities in SOLR 8.6.2 > Importance: High > > Hello Solr-User Support team > We have installed the SOLR 8.6.2 package into docker container in our DEV > environment. Prior to using it, our security team scanned the docker image > using SysDig and found a lot of Critical/High/Medium vulnerabilities. The > full list is in the attached spreadsheet > > Scan Summary > 30 STOPS 190 WARNS 188 Vulnerabilities > > Please advise or point us to how/where to get a package that has been patched > for the Critical/High/Medium vulnerabilities in the attached spreadsheet > Your help will be gratefully received > > > Lakshmi Narayanan > Marsh & McLennan Companies > 121 River Street, Hoboken,NJ-07030 > 201-284-3345 > M: 845-300-3809 > Email: lakshmi.naraya...@mmc.com <mailto:lakshmi.naraya...@mmc.com> > > > > > > ********************************************************************** > This e-mail, including any attachments that accompany it, may contain > information that is confidential or privileged. This e-mail is > intended solely for the use of the individual(s) to whom it was intended to be > addressed. If you have received this e-mail and are not an intended recipient, > any disclosure, distribution, copying or other use or > retention of this email or information contained within it are prohibited. > If you have received this email in error, please immediately > reply to the sender via e-mail and also permanently > delete all copies of the original message together with any of its attachments > from your computer or device. > ********************************************************************** > <SOLR862 Vulnerabilities.xlsx>
