7.7.3 bugfix release

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

7.7.3 bugfix release

Noble Paul നോബിള്‍  नोब्ळ्
I'm planning to back port  SOLR-14013 and do a bug fix release soon.
Please let me know if there is anything hat you wish to be included

--
-----------------------------------------------------
Noble Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Jan Høydahl / Cominvent
According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.

Jan

13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:

I'm planning to back port  SOLR-14013 and do a bug fix release soon.
Please let me know if there is anything hat you wish to be included

--
-----------------------------------------------------
Noble Paul

---------------------------------------------------------------------
To unsubscribe, [hidden email]
For additional commands, [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Noble Paul നോബിള്‍  नोब्ळ्
Do you wish to backport them?

On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[hidden email]> wrote:

>
> According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.
>
> Jan
>
> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:
>
> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
> Please let me know if there is anything hat you wish to be included
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
-----------------------------------------------------
Noble Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Jan Høydahl / Cominvent
I’m afraid I don’t have the bandwidth the next couple of weeks.

Jan Høydahl

> 13. feb. 2020 kl. 16:27 skrev Noble Paul <[hidden email]>:
>
> Do you wish to backport them?
>
>> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[hidden email]> wrote:
>>
>> According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.
>>
>> Jan
>>
>> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:
>>
>> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> Please let me know if there is anything hat you wish to be included
>>
>> --
>> -----------------------------------------------------
>> Noble Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Houston Putman
It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356

So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the description in the JIRA, it looks like backporting https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 should be enough. Is this correct, or am I missing something?

- HOuston

On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[hidden email]> wrote:
I’m afraid I don’t have the bandwidth the next couple of weeks.

Jan Høydahl

> 13. feb. 2020 kl. 16:27 skrev Noble Paul <[hidden email]>:
>
> Do you wish to backport them?
>
>> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[hidden email]> wrote:
>>
>> According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.
>>
>> Jan
>>
>> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:
>>
>> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> Please let me know if there is anything hat you wish to be included
>>
>> --
>> -----------------------------------------------------
>> Noble Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Ishan Chattopadhyaya
+1, Houston. That's my understanding as well. Please go ahead with the backport.

On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <[hidden email]> wrote:
It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356

So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the description in the JIRA, it looks like backporting https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 should be enough. Is this correct, or am I missing something?

- HOuston

On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[hidden email]> wrote:
I’m afraid I don’t have the bandwidth the next couple of weeks.

Jan Høydahl

> 13. feb. 2020 kl. 16:27 skrev Noble Paul <[hidden email]>:
>
> Do you wish to backport them?
>
>> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[hidden email]> wrote:
>>
>> According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.
>>
>> Jan
>>
>> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:
>>
>> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> Please let me know if there is anything hat you wish to be included
>>
>> --
>> -----------------------------------------------------
>> Noble Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Jan Høydahl / Cominvent
What commit hash is the backport of SOLR-13971? I cannot find it and there is no CHANGES entry…?

14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <[hidden email]>:

+1, Houston. That's my understanding as well. Please go ahead with the backport.

On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <[hidden email]> wrote:
It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356

So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the description in the JIRA, it looks like backporting https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 should be enough. Is this correct, or am I missing something?

- HOuston

On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[hidden email]> wrote:
I’m afraid I don’t have the bandwidth the next couple of weeks.

Jan Høydahl

> 13. feb. 2020 kl. 16:27 skrev Noble Paul <[hidden email]>:
>
> Do you wish to backport them?
>
>> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[hidden email]> wrote:
>>
>> According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.
>>
>> Jan
>>
>> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:
>>
>> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> Please let me know if there is anything hat you wish to be included
>>
>> --
>> -----------------------------------------------------
>> Noble Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Jan Høydahl / Cominvent
Falde alarm, I needed to update my branch :)

Jan Høydahl

14. feb. 2020 kl. 19:11 skrev Jan Høydahl <[hidden email]>:

What commit hash is the backport of SOLR-13971? I cannot find it and there is no CHANGES entry…?

14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <[hidden email]>:

+1, Houston. That's my understanding as well. Please go ahead with the backport.

On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <[hidden email]> wrote:
It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356

So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the description in the JIRA, it looks like backporting https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 should be enough. Is this correct, or am I missing something?

- HOuston

On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[hidden email]> wrote:
I’m afraid I don’t have the bandwidth the next couple of weeks.

Jan Høydahl

> 13. feb. 2020 kl. 16:27 skrev Noble Paul <[hidden email]>:
>
> Do you wish to backport them?
>
>> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[hidden email]> wrote:
>>
>> According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.
>>
>> Jan
>>
>> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:
>>
>> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> Please let me know if there is anything hat you wish to be included
>>
>> --
>> -----------------------------------------------------
>> Noble Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: 7.7.3 bugfix release

Houston Putman
I've backported SOLR-13v69. After you add in SOLR-14013 Noble, we should be good to go with 7.7.3 I think.

- Houston

On Fri, Feb 14, 2020 at 1:17 PM Jan Høydahl <[hidden email]> wrote:
Falde alarm, I needed to update my branch :)

Jan Høydahl

14. feb. 2020 kl. 19:11 skrev Jan Høydahl <[hidden email]>:

What commit hash is the backport of SOLR-13971? I cannot find it and there is no CHANGES entry…?

14. feb. 2020 kl. 17:52 skrev Ishan Chattopadhyaya <[hidden email]>:

+1, Houston. That's my understanding as well. Please go ahead with the backport.

On Fri, 14 Feb, 2020, 9:02 PM Houston Putman, <[hidden email]> wrote:
It looks like CVE-2019-17558 / SOLR-13971 has already been taken care of: https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17014356&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17014356

So now CVE-2019-0193 / SOLR-13669 should be the only blocker. By the description in the JIRA, it looks like backporting https://github.com/apache/lucene-solr/commit/025f8763549151397284af28091cfd360307baa2 should be enough. Is this correct, or am I missing something?

- HOuston

On Thu, Feb 13, 2020 at 12:59 PM Jan Høydahl <[hidden email]> wrote:
I’m afraid I don’t have the bandwidth the next couple of weeks.

Jan Høydahl

> 13. feb. 2020 kl. 16:27 skrev Noble Paul <[hidden email]>:
>
> Do you wish to backport them?
>
>> On Thu, Feb 13, 2020 at 7:55 PM Jan Høydahl <[hidden email]> wrote:
>>
>> According to NVD, there are at least two published CVEs that affects 7.7.2 (CVE-2019-17558 / SOLR-13971 and CVE-2019-0193 / SOLR-13669). We cannot release 7.7.3 with these still present.
>>
>> Jan
>>
>> 13. feb. 2020 kl. 06:42 skrev Noble Paul <[hidden email]>:
>>
>> I'm planning to back port  SOLR-14013 and do a bug fix release soon.
>> Please let me know if there is anything hat you wish to be included
>>
>> --
>> -----------------------------------------------------
>> Noble Paul
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, %-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]