Advisory 2024-12/07 Solr Vulnerability

December 13, 2024

Vulnerability type

Insecure Default Initialization of Resource

Severity factors

This vulnerability has a severity rating of moderate.

Versions affected

FileCloud versions 23.241.4 and earlier are affected.

Version fixed

FileCloud version 23.241.5 and later


Description

In Solr versions from 5.3.0 before 8.11.4, and from 9.0.0 before 9.7.0, an insecure default initialization of resource vulnerability causes ConfigSets that are created with unauthenticated requests to be trusted implicitly. This occurs only if authentication and authorization are not used when running Solr.

Fix

FileCloud version 23.241.5.28040 upgrades Solr to version 9.7 to fix this vulnerability.

What you should do to fix this vulnerability

  • If you are using FileCloud Server, we recommend that you update to the latest version, which is 23.241.5.28040 or greater.
    Note: Hotfixes applied after updating FileCloud to version 23.241.4 must be reapplied after upgrading to version 23.241.5.

  • If you are using FileCloud Online, your site will be upgraded to the latest version on December 14 through December 15.

If you have any questions about this advisory, please contact FileCloud support.