
    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      The latest release (master branch) is using Lucene 3.6.0

      https://github.com/apache/jackrabbit/blob/trunk/jackrabbit-parent/pom.xml#L468

      Which is used by jackrabbit-core

      As there are known CVEs reported against this old Lucene version, I wonder if you guys would be able to upgrade to a newer Lucene version that does not have the issue.

      At Apache Camel we had this reported:

      Vulnerable Library Version: org.apache.lucene : lucene-core : 3.6.0
      CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
      Import Path: components/camel-jcr/pom.xml
      Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1

      https://issues.apache.org/jira/projects/CAMEL/issues/CAMEL-14640

              People

              • Assignee:
                Unassigned
                Reporter:
                davsclaus Claus Ibsen
              • Votes:
                0
                Watchers:
                1
