CVE-2022-39135

First published: 2023-09-08

Tip

LOCKSS 2.x to date (2.0.72-alpha7 as of this writing), when used with its embedded Apache Solr container, is not affected by CVE-2022-39135.

The successive embedded Apache Solr containers used by default in LOCKSS 2.x up to and including version 2.0.72-alpha7, namely versions 6.6.5, 7.2.1, and 8.11.2 of Solr, are not used in the vulnerable manner described in CVE-2022-39135. No action is required if using LOCKSS 2.0.72-alpha7 or earlier with embedded Solr (the default mode).

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-39135

• https://solr.apache.org/security.html#apache-solr-is-vulnerable-to-cve-2022-39135-via-sql-handler