  1. Solr
  2. SOLR-13819

Upgrade jackson to 2.9.10

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate

    Description

      We use Twistlock for security compliance, and Solr 7.7.2 seems to have some vulnerabilities because of jackson-databind v2.9.8. Here is the list of CVEs with corresponding severity for v2.9.8:

      1. CVE-2019-14379 : CRITICAL
      2. CVE-2019-14540 : HIGH
      3. CVE-2019-16335 : HIGH
      4. CVE-2019-14439 : HIGH
      5. CVE-2019-12086 : HIGH
      6. CVE-2019-12384 : MEDIUM
      7. CVE-2019-12814 : MEDIUM

      Here is the list of CVEs that are applied only to v2.9.9 (current master):

      1. CVE-2019-14540 : HIGH
      2. CVE-2019-16335 : HIGH

            People

              Assignee: Unassigned
              Reporter: Serj Krasnov (meskallito)