-
lucene-solr (3.6.2+dfsg-10+deb9u2build0.17.10.1) artful-security; urgency=medium
* fake sync from Debian
lucene-solr (3.6.2+dfsg-10+deb9u2) stretch-security; urgency=high
* Team upload.
* Fix CVE-2018-1308: XML external entity expansion in Solr's
DataImportHandler. It can be used as XXE using file/ftp/http protocols in
order to read arbitrary local files from the Solr server or the internal
network. (Closes: #896604)
* Symlink /etc/solr/solr-jetty.xml into /var/lib/jetty9/webapps/solr.xml
to make solr-jetty work out-of-the-box. (Closes: #886090)
Thanks to J.P. Larocque for the report.
-- Seth Arnold <email address hidden> Wed, 09 May 2018 17:43:53 -0700
-
lucene-solr (3.6.2+dfsg-10+deb9u1build0.17.10.1) artful-security; urgency=medium
* fake sync from Debian
lucene-solr (3.6.2+dfsg-10+deb9u1) stretch-security; urgency=high
* Team upload.
* Fix CVE-2017-12629: possible remote code execution by exploiting XXE. For
security reasons the RunExecutableListener class was permanently removed.
* Update debian/conf/solrconfig.xml and remove example configuration for
RunExecutableListener which had to be removed for security reasons.
* CVE-2017-3163: fix ReplicationHandler path traversal vulnerability.
(Closes: #867712)
-- Emily Ratliff <email address hidden> Mon, 12 Mar 2018 09:16:51 -0500
-
lucene-solr (3.6.2+dfsg-10) unstable; urgency=medium
* Team upload.
* Remove obsolete Resources className directive as it does not work with
Tomcat8. Thanks to Matthias Liertzer for the report. (Closes: #856626)
-- Markus Koschany <email address hidden> Thu, 30 Mar 2017 20:24:00 +0200
-
lucene-solr (3.6.2+dfsg-9) unstable; urgency=medium
* Team upload.
[ Emmanuel Bourg ]
* Switched the dependencies to tomcat8, libservlet3.1-java and jetty9
* Standards-Version updated to 3.9.8
* Use a secure Vcs-* URL
* Fixed the watch file
[ tony mancill ]
* Add Dutch translation of debconf messages. (Closes: #835136)
Thank you to Frans Spiesschaert for the translation.
-- Emmanuel Bourg <email address hidden> Mon, 24 Oct 2016 17:10:19 +0200
