Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOLR-16078: Create SolrJ sub-modules, including solrj-core #945

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

SOLR-16078: Create SolrJ sub-modules, including solrj-core #945

wants to merge 3 commits into from

Conversation

HoustonPutman
Copy link
Contributor

https://issues.apache.org/jira/browse/SOLR-16078

TODO:

  • Upgrade Notes
  • Decide on Artifact Naming & Groups (Discussion on JIRA)

This will wait on #943 to merge

@HoustonPutman HoustonPutman marked this pull request as draft July 15, 2022 18:37
sonatype-lift[bot]
sonatype-lift bot reviewed Jul 15, 2022
View reviewed changes
solr/solrj/core/build.gradle
implementation 'org.apache.commons:commons-math3'

api 'org.eclipse.jetty.http2:http2-client'
implementation 'org.eclipse.jetty.http2:http2-http-client-transport'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moderate Vulnerability:

pkg:maven/org.eclipse.jetty.http2/[email protected]

0 Critical, 0 Severe, 2 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies

Components
    pkg:maven/org.eclipse.jetty/[email protected]
      MODERATE Vulnerabilities (1)

        [CVE-2022-2047] CWE-20: Improper Input Validation

        In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

        CVSS Score: 2.7

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

        CWE: CWE-20

    pkg:maven/org.eclipse.jetty/[email protected]
      MODERATE Vulnerabilities (1)

        [CVE-2022-2047] CWE-20: Improper Input Validation

        In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

        CVSS Score: 2.7

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

        CWE: CWE-20

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed Jul 15, 2022
View reviewed changes
solr/solrj/core/build.gradle
api 'org.eclipse.jetty.http2:http2-client'
implementation 'org.eclipse.jetty.http2:http2-http-client-transport'
implementation 'org.eclipse.jetty:jetty-http'
implementation 'org.eclipse.jetty:jetty-client'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moderate Vulnerability:

pkg:maven/org.eclipse.jetty/[email protected]

0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/org.eclipse.jetty/[email protected]
      MODERATE Vulnerabilities (1)

        [CVE-2022-2047] CWE-20: Improper Input Validation

        In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

        CVSS Score: 2.7

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

        CWE: CWE-20

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed Jul 15, 2022
View reviewed changes
solr/solrj/core/build.gradle

implementation 'org.apache.commons:commons-math3'

api 'org.eclipse.jetty.http2:http2-client'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moderate Vulnerability:

pkg:maven/org.eclipse.jetty.http2/[email protected]

0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/org.eclipse.jetty/[email protected]
      MODERATE Vulnerabilities (1)

        [CVE-2022-2047] CWE-20: Improper Input Validation

        In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

        CVSS Score: 2.7

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

        CWE: CWE-20

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed Jul 15, 2022
View reviewed changes
solr/solrj/core/build.gradle

api 'org.eclipse.jetty.http2:http2-client'
implementation 'org.eclipse.jetty.http2:http2-http-client-transport'
implementation 'org.eclipse.jetty:jetty-http'
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moderate Vulnerability:

pkg:maven/org.eclipse.jetty/[email protected]

0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/org.eclipse.jetty/[email protected]
      MODERATE Vulnerabilities (1)

        [CVE-2022-2047] CWE-20: Improper Input Validation

        In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

        CVSS Score: 2.7

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

        CWE: CWE-20

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sonatype-lift sonatype-lift[bot] sonatype-lift[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@HoustonPutman