: VCS matches the version in the archive
- Git: https://salsa.debian.org/java-team/lucene-solr.git
- Branch: master
- Path: debian/changelog
- Browser: https://salsa.debian.org/java-team/lucene-solr
- Last scan: 2020-06-02 22:11:06+00
- Next scan: 2020-06-11 14:17:00+00
- Debian changelog in Git:
lucene-solr (3.6.2+dfsg-22) unstable; urgency=medium
* Add myself to Uploaders and remove Jakub Adam, James Page and Mat Scales
because they are not active anymore.
* Declare compliance with Debian Policy 4.4.1.
* Fix CVE-2019-0193:
The DataImportHandler, an optional but popular module to pull in data from
databases and other sources, has a feature in which the whole DIH
configuration can come from a request's "dataConfig" parameter. The debug
mode of the DIH admin screen uses this to allow convenient debugging /
development of a DIH config. Since a DIH config can contain scripts, this
parameter is a security risk. Starting from now on, use of this parameter
requires setting the Java System property "enable.dih.dataConfigParam" to
true. For example this can be achieved with solr-tomcat by adding
-Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat9.
-- Markus Koschany <firstname.lastname@example.org> Thu, 10 Oct 2019 17:39:16 +0200
- This branch is even with tag debian/3.6.2+dfsg-22