If you follow Apache Software Foundation community news, there were two critical Common Vulnerabilities and Exposures (CVEs) that have been recently published in the National Vulnerability Database (NVD).
The CVEs are CVE-2022-42889 and CVE-2022-33980, and both have a severity score of 9.8. We want to let our SearchStax Cloud customers know that SearchStax Solr deployments are not vulnerable to either of these CVEs.
If you are interested in learning more about these CVEs, here is a brief description and links to further information.
CVE-2022-42889 affects the Apache commons-text libraries from 1.5 to 1.10.0. Solr Security Scanning Tools Site reports that Solr uses commons-text directly in LoadAdminUiServelt that is not vulnerable. Solr’s “hadoop-auth” module also uses commons-text.
SearchStax Solr deployments do not use this Hadoop Authorization Module and are not vulnerable to CVE-2022-42899.
The other vulnerability CVE-2022-33890 affects the Apache commons configuration libraries 2.4 through 2.7. Solr uses commons-configuration2 for “hadoop-auth” only as again reported by Solr Security Scanning Tools Site.
SearchStax Solr deployments do not use this Hadoop Authorization Module and are not vulnerable to CVE-2022-42899.
SearchStax was founded to transform search experiences. In the past, making search easy was hard! Since our founding in 2015, it’s been our mission to make search experiences powerful and accessible
Relevance Models in SearchStax Studio are designed to improve the overall search experience by fine-tuning how Studio responds to search queries. Before diving into the configurations, set your goals.
SearchStax is excited to announce SearchStax Studio support in four new regions and 23 additional languages
Copyrights © SearchStax Inc.2014-2023. All Rights Reserved.
close
close
