-
Task
-
Resolution: Invalid
-
Normal
-
None
-
5,404,361,569
CVE-2023-50386 affects package org.apache.solr:solr-core >= 6.0.0, < 8.11.3 which metabrainz/mb-solr depends on.
Please self-assign this ticket and check metabrainz/mb-solr alerts, then:
- Dismiss the corresponding alert in GitHub if there is a valid reason (patch in progress, no bandwidth, tolerable risk, inaccurate alert, or unused code) for.
- Create a new ticket in the affected JIRA project, link it to this ticket (do not move this ticket to another project), and address that new ticket.
In both case, GitHub Bot will close this ticket for you, except if you backport a patch on a vulnerable dependency.
This ticket has been created by SEC automation.
- has related issue
-
SEARCH-685 Upgrade to Solr 9
-
- In Beta Testing
-
[SEC-1211] [mb-solr] CVE-2023-50386: org.apache.solr:solr-core >= 6.0.0, < 8.11.3
Alert dismissed by yvanzo on GitHub for the following reason:
Risk is tolerable to this project
An upgrade to Solr 9 is coming soon, but the Configsets API is not accessible to MB Solr end-users, so this vulnerability doesn’t affect our instance anyway.
Alert has been resolved according to GitHub.