Details
-
Task
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
9.0
-
None
Description
There's not a whole lot of risk here because of the limited surface area of Restlet in the project. ichattopadhyaya even suggested we could remove it, which I tend to agree with.
I noticed that the Restlet dependency's location was no longer resolving at: https://repo1.maven.org/maven2/org/restlet/jee/org.restlet/2.4.0/org.restlet-2.4.0.jar.
Now, of course, I could change it to a location that does resolve or download directly. However, I looking at the changelog I thought that maybe I should raise with the community that it an upgrade might be helpful given the CVEs.
I will leave it to the experts as to whether it makes a difference, but here's the changelog for reference.
The Lucene tests passed when I upgraded to 2.4.3 but I'm still digging in. It is very likely that 2.4.1 would be better. I'd leave that, again, to the experts and post my findings.
Attachments
Issue Links
- causes
-
SOLR-14906 solr-core depends on restlet 2.4.3 that is missing from Maven repo
-
- Resolved
-
- is a clone of
-
LUCENE-9420 Restlet Dependency
-
- Resolved
-
- links to
