Solr
  1. Solr
  2. SOLR-5897

JQuery file listed as version 1.7.2 but actually contains 1.4.3 code

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 4.1, 4.2, 4.2.1, 4.3, 4.3.1, 4.4, 4.5, 4.5.1, 4.6, 4.6.1, 4.7
    • Fix Version/s: 4.8, 4.9, 6.0
    • Component/s: web gui
    • Labels:
    • Environment:

      All

      Description

      The "example\webapps\solr.war" file contains a "jquery-1.7.2.min.js" file whose name suggests that it is version 1.7.2. However, the file actually contains version 1.4.3 code. (This code may be subject to CVE-2011-4969.)

      (I think I read something about a functional roll-back from JQuery 1.5.1 to 1.4.3 in other issues - if so, could possibly be related?)

      1. SOLR-5897.patch
        171 kB
        Stefan Matheis (steffkes)

        Activity

        Hide
        Stefan Matheis (steffkes) added a comment - - edited

        That's actually right - looks like the file only got renamed in r1311442. Patch attached

        Show
        Stefan Matheis (steffkes) added a comment - - edited That's actually right - looks like the file only got renamed in r1311442 . Patch attached
        Hide
        Stefan Matheis (steffkes) added a comment -

        I'm going to commit this tomorrow

        Show
        Stefan Matheis (steffkes) added a comment - I'm going to commit this tomorrow
        Hide
        ASF subversion and git services added a comment -

        Commit 1588898 from steffkes@apache.org in branch 'dev/trunk'
        [ https://svn.apache.org/r1588898 ]

        SOLR-5897: JQuery file listed as version 1.7.2 but actually contains 1.4.3 code

        Show
        ASF subversion and git services added a comment - Commit 1588898 from steffkes@apache.org in branch 'dev/trunk' [ https://svn.apache.org/r1588898 ] SOLR-5897 : JQuery file listed as version 1.7.2 but actually contains 1.4.3 code
        Hide
        ASF subversion and git services added a comment -

        Commit 1588900 from steffkes@apache.org in branch 'dev/branches/branch_4x'
        [ https://svn.apache.org/r1588900 ]

        SOLR-5897: JQuery file listed as version 1.7.2 but actually contains 1.4.3 code (merge r1588898)

        Show
        ASF subversion and git services added a comment - Commit 1588900 from steffkes@apache.org in branch 'dev/branches/branch_4x' [ https://svn.apache.org/r1588900 ] SOLR-5897 : JQuery file listed as version 1.7.2 but actually contains 1.4.3 code (merge r1588898)
        Hide
        Uwe Schindler added a comment -

        The new file is missing license header, "ant rat-sources" complains correctly. The old file had MIT license.

        Show
        Uwe Schindler added a comment - The new file is missing license header, "ant rat-sources" complains correctly. The old file had MIT license.
        Hide
        ASF subversion and git services added a comment -

        Commit 1588913 from steffkes@apache.org in branch 'dev/trunk'
        [ https://svn.apache.org/r1588913 ]

        SOLR-5897: Add license header

        Show
        ASF subversion and git services added a comment - Commit 1588913 from steffkes@apache.org in branch 'dev/trunk' [ https://svn.apache.org/r1588913 ] SOLR-5897 : Add license header
        Hide
        ASF subversion and git services added a comment -

        Commit 1588914 from steffkes@apache.org in branch 'dev/trunk'
        [ https://svn.apache.org/r1588914 ]

        SOLR-5897: modify CHANGES.txt, backport to 4.8

        Show
        ASF subversion and git services added a comment - Commit 1588914 from steffkes@apache.org in branch 'dev/trunk' [ https://svn.apache.org/r1588914 ] SOLR-5897 : modify CHANGES.txt, backport to 4.8
        Hide
        Uwe Schindler added a comment -

        Stefan Matheis (steffkes): As 1.4.3 has a security vulnerability, I am fine to backport this to 4.8. I will build RC tomorrow.

        Show
        Uwe Schindler added a comment - Stefan Matheis (steffkes) : As 1.4.3 has a security vulnerability, I am fine to backport this to 4.8. I will build RC tomorrow.
        Hide
        ASF subversion and git services added a comment -

        Commit 1588917 from steffkes@apache.org in branch 'dev/branches/branch_4x'
        [ https://svn.apache.org/r1588917 ]

        SOLR-5897: Add license header, modify CHANGES.txt, backport to 4.8 (merge r1588913, r1588914)

        Show
        ASF subversion and git services added a comment - Commit 1588917 from steffkes@apache.org in branch 'dev/branches/branch_4x' [ https://svn.apache.org/r1588917 ] SOLR-5897 : Add license header, modify CHANGES.txt, backport to 4.8 (merge r1588913, r1588914)
        Hide
        ASF subversion and git services added a comment -

        Commit 1588920 from steffkes@apache.org in branch 'dev/branches/lucene_solr_4_8'
        [ https://svn.apache.org/r1588920 ]

        SOLR-5897: JQuery file listed as version 1.7.2 but actually contains 1.4.3 code (merge r1588898, r1588913, r1588914)

        Show
        ASF subversion and git services added a comment - Commit 1588920 from steffkes@apache.org in branch 'dev/branches/lucene_solr_4_8' [ https://svn.apache.org/r1588920 ] SOLR-5897 : JQuery file listed as version 1.7.2 but actually contains 1.4.3 code (merge r1588898, r1588913, r1588914)
        Hide
        ASF subversion and git services added a comment -

        Commit 1588954 from steffkes@apache.org in branch 'dev/trunk'
        [ https://svn.apache.org/r1588954 ]

        SOLR-5897: clarify what has been done for CHANGES.txt

        Show
        ASF subversion and git services added a comment - Commit 1588954 from steffkes@apache.org in branch 'dev/trunk' [ https://svn.apache.org/r1588954 ] SOLR-5897 : clarify what has been done for CHANGES.txt
        Hide
        ASF subversion and git services added a comment -

        Commit 1588955 from steffkes@apache.org in branch 'dev/branches/branch_4x'
        [ https://svn.apache.org/r1588955 ]

        SOLR-5897: clarify what has been done for CHANGES.txt (merge r1588954)

        Show
        ASF subversion and git services added a comment - Commit 1588955 from steffkes@apache.org in branch 'dev/branches/branch_4x' [ https://svn.apache.org/r1588955 ] SOLR-5897 : clarify what has been done for CHANGES.txt (merge r1588954)
        Hide
        ASF subversion and git services added a comment -

        Commit 1588956 from steffkes@apache.org in branch 'dev/branches/lucene_solr_4_8'
        [ https://svn.apache.org/r1588956 ]

        SOLR-5897: clarify what has been done for CHANGES.txt (merge r1588954)

        Show
        ASF subversion and git services added a comment - Commit 1588956 from steffkes@apache.org in branch 'dev/branches/lucene_solr_4_8' [ https://svn.apache.org/r1588956 ] SOLR-5897 : clarify what has been done for CHANGES.txt (merge r1588954)
        Hide
        Uwe Schindler added a comment -

        Close issue after release of 4.8.0

        Show
        Uwe Schindler added a comment - Close issue after release of 4.8.0

          People

          • Assignee:
            Stefan Matheis (steffkes)
            Reporter:
            Jonathan Lampe
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development