October 24, 2022

SearchStax Solr Deployments Are Not Vulnerable to CVE-2022-42889 and CVE-2022-33980

Enterprise search, Apache Solr, search relevance and ranking, performance tuning, cloud-native architectures, reliability engineering, platform scalability, and engineering leadership.

If you follow Apache Software Foundation community news, you may have seen that two critical Common Vulnerabilities and Exposures (CVEs) were recently published in the National Vulnerability Database (NVD).

The CVEs are CVE-2022-42889 and CVE-2022-33980, and both have a severity score of 9.8. We want to let our SearchStax Cloud customers know that SearchStax Solr deployments are not vulnerable to either of these CVEs.

If you are interested in learning more about these CVEs, here is a brief description and links to further information.

CVE-2022-42889 – Apache Commons-Text Libraries

CVE-2022-42889 affects the Apache commons-text libraries from 1.5 to 1.10.0. The Solr Security Scanning Tools site reports that Solr uses commons-text directly in LoadAdminUiServlet, in a way that is not vulnerable. Solr’s “hadoop-auth” module also uses commons-text.

SearchStax Solr deployments do not use this Hadoop Authorization Module and are not vulnerable to CVE-2022-42889.

CVE-2022-33980 – Apache Commons Configuration Libraries

The other vulnerability, CVE-2022-33980, affects the Apache Commons Configuration libraries 2.4 through 2.7. As the Solr Security Scanning Tools site again reports, Solr uses commons-configuration2 only for “hadoop-auth”.

SearchStax Solr deployments do not use this Hadoop Authorization Module and are not vulnerable to CVE-2022-33980.
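
A quick inventory check for the two libraries discussed above, as an added example that is not SearchStax or Solr project code: it flags commons-text and commons-configuration2 jars by file name and notes whether a hadoop-auth jar is on disk. It assumes Maven-style jar names and treats commons-text 1.10.0 as the fixed release (so it flags 1.5 through 1.9); the demo tree is constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

# Inclusive (major, minor) ranges. Assumption: commons-text 1.10.0 is the
# fixed release, so the range is applied here as 1.5 through 1.9.
AFFECTED = {
    "commons-text": ("CVE-2022-42889", (1, 5), (1, 9)),
    "commons-configuration2": ("CVE-2022-33980", (2, 4), (2, 7)),
}
JAR_RE = re.compile(r"^(commons-text|commons-configuration2)-(\d+(?:\.\d+)*)\.jar$")


def classify(jar_name):
    """Return (artifact, version, cve_or_None) for a jar of interest, else None."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    artifact, version = m.group(1), m.group(2)
    cve, low, high = AFFECTED[artifact]
    major_minor = tuple(int(p) for p in version.split("."))[:2]
    return artifact, version, (cve if low <= major_minor <= high else None)


def scan(root):
    """Walk root for jars; return (findings, hadoop_auth_present)."""
    findings, hadoop_auth = [], False
    for jar in sorted(Path(root).rglob("*.jar")):
        if jar.name.startswith("hadoop-auth-"):
            hadoop_auth = True  # jar on disk; does not prove the module is enabled
        hit = classify(jar.name)
        if hit:
            findings.append((str(jar.relative_to(root)),) + hit)
    return findings, hadoop_auth


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]  # e.g. the root of a Solr install
    else:  # constructed sample tree, not a real Solr layout
        root = tempfile.mkdtemp()
        for name in ("commons-text-1.6.jar", "commons-configuration2-2.8.0.jar",
                     "hadoop-auth-3.2.2.jar"):
            (Path(root) / name).touch()
    findings, hadoop_auth = scan(root)
    for path, artifact, version, cve in findings:
        print(f"{path}: {artifact} {version} -> {cve or 'outside affected range'}")
    print("hadoop-auth jar present:", hadoop_auth)
```

File-name matching misses shaded or renamed jars, so a clean result is a starting point for review and not proof that the libraries are absent.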

If you are a SearchStax customer and have any further questions, please contact your Customer Success manager.

Dipsy Kapoor
Dipsy Kapoor is VP of Engineering at SearchStax, leading teams that build and operate cloud-native search solutions. With a background in search, scalable systems and product engineering, she cares deeply about reliability, relevance, and shipping high-impact features that help customers succeed.