Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-5520

Backport some security fixes from 4.x to 3.6.x branch

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6.2
    • Fix Version/s: 3.6.3
    • Component/s: None
    • Labels:

      Description

      Redhat wants to backport some security fixes we applied in 4.1 and 4.6 to the Solr tree to 3.6, because their user-base still uses this version. To help them with backporting across the major API/version changes, we should also do this on the 3.6 branch.

      Redhat already assigned 3 CVE numbers to these issues and take the older issues seriously, and they will patch older versions and also force users to upgrade. cf, CVE-2013-6397 (SOLR-4882), CVE-2013-6407 (SOLR-3895), CVE-2013-6408 (SOLR-4881).

      To fully fix, we might need to backport more patches. I will take care of this. This issue may be useful, if we release a 3.6.3 package.

        Attachments

        1. SOLR-4882-fix.patch
          2 kB
          Uwe Schindler
        2. SOLR-4882-36.patch
          10 kB
          Uwe Schindler
        3. SOLR-4481-3895-36.patch
          23 kB
          Uwe Schindler
        4. CVE-fixes-Solr36.patch
          33 kB
          Uwe Schindler

          Issue Links

            Activity

              People

              • Assignee:
                thetaphi Uwe Schindler
                Reporter:
                thetaphi Uwe Schindler
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: