Tika (Solr) Vulnerability; collective.solr 10.1.0 released

There is a vulnerability in Tika, which is used in Solr:

https://github.com/advisories/GHSA-f58c-gq56-vjjf

I just released collective.solr 10.1.0 with support for Solr 9.10, which fixes this vulnerability:

@tisto How did you determine that Solr 9.10 fixes this vulnerability? It appears to include tika-core 1.28.5 and tika-parsers 1.28.5, which are still in the range considered vulnerable.

You are correct. I was under the assumption that Solr 9.10 fixes the issue. There is still no release for Solr 9.11 or Solr 10 that fixes that issue. Therefore, the only way to avoid the vulnerability is to upgrade and run Tika separately.