lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Walter Underwood <wun...@wunderwood.org>
Subject Re: Vulnerabilities in SOLR 8.6.2
Date Fri, 11 Dec 2020 17:56:20 GMT
1. There is no Solr support team. This is a mailing list of volunteers using the software.
2. I do not recommend running Solr in a Docker container for production.
3. Please review the Solr Jira for security issues. If you believe that there are security
vulnerabilities that need to be fixed, open a Jira issue.

https://issues.apache.org/jira/projects/SOLR/issues/SOLR-14792?filter=allopenissues

wunder
Walter Underwood
wunder@wunderwood.org
http://observer.wunderwood.org/  (my blog)

> On Dec 11, 2020, at 8:50 AM, Narayanan, Lakshmi <lakshmi.narayanan@mmc.com.INVALID>
wrote:
> 
> Can anyone please advise?
> Who else should be notified to get some guidance on this please??
>  
> Lakshmi Narayanan
> Marsh & McLennan Companies
> 121 River Street, Hoboken,NJ-07030
> 201-284-3345
> M: 845-300-3809
> Email: Lakshmi.narayanan@mmc.com <mailto:Lakshmi.narayanan@mmc.com>
>  
>  
> From: Narayanan, Lakshmi <lakshmi.narayanan@mmc.com <mailto:lakshmi.narayanan@mmc.com>>

> Sent: Friday, November 13, 2020 11:21 AM
> To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org>
> Subject: FW: Vulnerabilities in SOLR 8.6.2
>  
> This is my 5th attempt in the last 60 days
> Is there anyone looking at these mails?
> Does anyone care?? L
>  
>  
> Lakshmi Narayanan
> Marsh & McLennan Companies
> 121 River Street, Hoboken,NJ-07030
> 201-284-3345
> M: 845-300-3809
> Email: Lakshmi.narayanan@mmc.com <mailto:Lakshmi.narayanan@mmc.com>
>  
>  
> From: Narayanan, Lakshmi <lakshmi.narayanan@mmc.com <mailto:lakshmi.narayanan@mmc.com>>

> Sent: Thursday, October 22, 2020 1:06 PM
> To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org>
> Subject: FW: Vulnerabilities in SOLR 8.6.2
>  
> This is my 4th attempt to contact
> Please advise, if there is a build that fixes these vulnerabilities
>  
> Lakshmi Narayanan
> Marsh & McLennan Companies
> 121 River Street, Hoboken,NJ-07030
> 201-284-3345
> M: 845-300-3809
> Email: Lakshmi.narayanan@mmc.com <mailto:Lakshmi.narayanan@mmc.com>
>  
>  
> From: Narayanan, Lakshmi <lakshmi.narayanan@mmc.com <mailto:lakshmi.narayanan@mmc.com>>

> Sent: Sunday, October 18, 2020 4:01 PM
> To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org>
> Subject: FW: Vulnerabilities in SOLR 8.6.2
>  
> SOLR-User Support team
> Is there anyone who can answer my question or can point to someone who can help
> I have not had any response for the past 3 weeks !?
> Please advise
>  
>  
> Lakshmi Narayanan
> Marsh & McLennan Companies
> 121 River Street, Hoboken,NJ-07030
> 201-284-3345
> M: 845-300-3809
> Email: Lakshmi.narayanan@mmc.com <mailto:Lakshmi.narayanan@mmc.com>
>  
>  
> From: Narayanan, Lakshmi <lakshmi.narayanan@mmc.com <mailto:lakshmi.narayanan@mmc.com>>

> Sent: Sunday, October 04, 2020 2:11 PM
> To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org>
> Cc: Chattopadhyay, Salil <salil.chattopadhyay@mmc.com <mailto:salil.chattopadhyay@mmc.com>>;
Mutnuri, Vishnu D <vishnu.d.mutnuri@mmc.com <mailto:vishnu.d.mutnuri@mmc.com>>;
Pathak, Omkar <omkar.pathak@mmc.com <mailto:omkar.pathak@mmc.com>>; Shenouda,
Nasir B <nasir.b.shenouda@mmc.com <mailto:nasir.b.shenouda@mmc.com>>
> Subject: RE: Vulnerabilities in SOLR 8.6.2
>  
> Hello Solr-User Support team
> Please advise or provide further guidance on the request below
>  
> Thank you!
>  
> Lakshmi Narayanan
> Marsh & McLennan Companies
> 121 River Street, Hoboken,NJ-07030
> 201-284-3345
> M: 845-300-3809
> Email: Lakshmi.narayanan@mmc.com <mailto:Lakshmi.narayanan@mmc.com>
>  
>  
> From: Narayanan, Lakshmi <lakshmi.narayanan@mmc.com <mailto:lakshmi.narayanan@mmc.com>>

> Sent: Monday, September 28, 2020 1:52 PM
> To: solr-user@lucene.apache.org <mailto:solr-user@lucene.apache.org>
> Cc: Chattopadhyay, Salil <salil.chattopadhyay@mmc.com <mailto:salil.chattopadhyay@mmc.com>>;
Mutnuri, Vishnu D <vishnu.d.mutnuri@mmc.com <mailto:vishnu.d.mutnuri@mmc.com>>;
Pathak, Omkar <omkar.pathak@mmc.com <mailto:omkar.pathak@mmc.com>>; Shenouda,
Nasir B <nasir.b.shenouda@mmc.com <mailto:nasir.b.shenouda@mmc.com>>
> Subject: Vulnerabilities in SOLR 8.6.2
> Importance: High
>  
> Hello Solr-User Support team
> We have installed the SOLR 8.6.2 package into docker container in our DEV environment.
Prior to using it, our security team scanned the docker image using SysDig and found a lot
of Critical/High/Medium vulnerabilities. The full list is in the attached spreadsheet
>  
> Scan Summary
> 30 STOPS     190 WARNS    188 Vulnerabilities
>  
> Please advise or point us to how/where to get a package that has been patched for the
Critical/High/Medium vulnerabilities in the attached spreadsheet
> Your help will be gratefully received
>  
>  
> Lakshmi Narayanan
> Marsh & McLennan Companies
> 121 River Street, Hoboken,NJ-07030
> 201-284-3345
> M: 845-300-3809
> Email: Lakshmi.narayanan@mmc.com <mailto:Lakshmi.narayanan@mmc.com>
>  
>  
> 
> 
> 
> **********************************************************************
> This e-mail, including any attachments that accompany it, may contain 
> information that is confidential or privileged. This e-mail is 
> intended solely for the use of the individual(s) to whom it was intended to be
> addressed. If you have received this e-mail and are not an intended recipient,
> any disclosure, distribution, copying or other use or 
> retention of this email or information contained within it are prohibited.
> If you have received this email in error, please immediately 
> reply to the sender via e-mail and also permanently
> delete all copies of the original message together with any of its attachments
> from your computer or device. 
> **********************************************************************
> <SOLR862 Vulnerabilities.xlsx>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message