Address CVE-2014-3628 #571
Conversation
|
@pburkholder Thanks for this. A couple of todo's based on the process in CONTRIBUTING.md:
Also, do you know if we are actively affected by that CVE or is this a "we are out of date and there are CVEs against the version we are on"-type update. Either way we should update but it does affect what we say about it in the release notes. |
|
Wilson build link: http://wilson.ci.chef.co/job/chef-server-12-build/1513/ |
irvingpop
force-pushed
the
pdb/CVE-2014-3628
branch
from
bddc9bf to
3fc99f6
Compare
|
That build failed because the s3 cache entry was missing for Solr 4.10.4 ( @pburkholder I rebased this branch (heads up, I force pushed) and am sending a new build through wilson right now: http://wilson.ci.chef.co/job/chef-server-12-build/1516/ |
|
Validated this build under load (via ec-metal) - upgrade from an earlier build works, everything looks good. paging @chef/lob for review |
|
I'm 👍 thanks for the testing @irvingpop |
|
👍 - let's get the changelog updated too |
Changelog-Entry: Update Solr to 4.10.4 to address CVE-2014-3628
Close an audit finding: http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%[email protected]%3E