Solr/Lucene 7.1.0 was released recently, so the question is if Solr/lucene should be updated?
Update: there are two security vulnerabilities and it is recommended to upgrade to 7.1.0 asap.
Hi Michael, Julian
Yes please do ASAP, if possible. A CVE label should be added, and I'd make clear the CVE number in the description. Thanks!
7.1.0 was released yesterday, I think we should update to this version then.
Update to 7.1.0 is committed in trunk r1812790.
Thanks Julian for reporting.