October 24, 2022
Dipsy Kapoor
|
If you follow Apache Software Foundation community news, there were two critical Common Vulnerabilities and Exposures (CVEs) that have been recently published in the National Vulnerability Database (NVD).
The CVEs are CVE-2022-42889 and CVE-2022-33980, and both have a severity score of 9.8. We want to let our SearchStax Cloud customers know that SearchStax Solr deployments are not vulnerable to either of these CVEs.
If you are interested in learning more about these CVEs, here is a brief description and links to further information.
CVE-2022-42889 affects the Apache commons-text libraries from 1.5 to 1.10.0. Solr Security Scanning Tools Site reports that Solr uses commons-text directly in LoadAdminUiServelt that is not vulnerable. Solr’s “hadoop-auth” module also uses commons-text.
SearchStax Solr deployments do not use this Hadoop Authorization Module and are not vulnerable to CVE-2022-42899.
The other vulnerability CVE-2022-33890 affects the Apache commons configuration libraries 2.4 through 2.7. Solr uses commons-configuration2 for “hadoop-auth” only as again reported by Solr Security Scanning Tools Site.
SearchStax Solr deployments do not use this Hadoop Authorization Module and are not vulnerable to CVE-2022-42899.
If you are a SearchStax customer and have any further questions, please contact your Customer Success manager.
The Stack is delivered bi-monthly with industry trends, insights, products and more
Copyrights © SearchStax Inc.2014-2024. All Rights Reserved.
SearchStax Site Search solution is engineered to give marketers the agility they need to optimize site search outcomes. Get full visibility into search analytics and make real-time changes with one click.
close
SearchStax Managed Search service automates, manages and scales hosted Solr infrastructure in public or private clouds. Free up developers for value-added tasks and reduce costs with fewer incidents.
close
close