themes/solr/templates/security.html (73 lines of code) (raw):
{% extends "page.html" %}
{% block ng_directives %}x-ng-app-root="/solr"{% endblock %}
{% block rss %}<link rel="alternate" type="application/atom+xml" title="Solr security announce feed" href="/feeds/solr/security.atom.xml" />{% endblock %}
{% block content_inner %}
<div class="small-12 columns">
<style type="text/css">
.headerlink, .elementid-permalink {
visibility: hidden;
}
h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink {
visibility: visible;
}
</style>
<h1 id="solr-news">Solr<sup>™</sup> Security News<a class="headerlink" href="#solr-news" title="Permanent link">¶</a></h1>
{{page.content}}
<h1 id="recent-cve-reports-for-apache-solr">Recent CVE reports for Apache Solr</h1>
<p>Below is a list of already announced CVE vulnerabilities. These are also available as an <a href="/feeds/solr/security.atom.xml">ATOM feed</a>:</p>
<table>
<tr>
<th width="130">CVE#</th>
<th width="95">Date</th>
<th>Announcement</th>
</tr>
{% for article in (articles | selectattr("category.name", "eq", "solr/security")|list)[:15] %}
<tr>
<td>{% if article.cve %}<a href="https://nvd.nist.gov/vuln/detail/{{ article.cve }}">{{ article.cve }}</a>{% endif %}</td>
<td>{{ article.date | strftime("%Y-%m-%d") }}</td>
<td><a href="#{{ article.slug }}">{{ article.title | regex_replace('^CVE.*?: ', '') }}</a></td>
</tr>
{% endfor %}
</table>
{% for article in (articles | selectattr("category.name", "eq", "solr/security")|list)[:15] %}
<h2 id="{{ article.slug }}">{{ article.date | strftime("%Y-%m-%d") }}, {{ article.title }}
<a class="headerlink" href="#{{article.slug}}" title="Permanent link">¶</a>
</h2>
{{article.content}}
<hr/>
{% endfor %}
<h1 id="cve-reports-for-apache-solr-dependencies">CVE reports for Apache Solr dependencies</h1>
<p>Below is a list of CVE vulnerabilities in Apache Solr dependencies, and the state of their applicability to Solr.</p>
<p>We are currently experimenting with providing this information in a <a href="#vex">machine-readable VEX format</a> and encourage you to participate.</p>
<table>
<tr>
<th>id</th>
<th>versions</th>
<th>jars</th>
<th>state</th>
<th>detail</th>
</tr>
{# CVE's that do affect Solr have their own advisory page above #}
{% for v in (vex | selectattr("analysis.state", "ne", "exploitable")) %}
<tr>
<td>
{% for id in v.ids %}
{% if id.startswith('CVE') %}<a href="https://nvd.nist.gov/vuln/detail/{{ id }}">{{ id }}</a>{% else %}{{ id }}{% endif %}
{%- if not loop.last %}, {% endif %}
{% endfor %}
</td>
<td>
{{ v.versions }}
</td>
<td>
{% for jar in v.jars %}
{{ jar }}{% if not loop.last %}, {% endif %}
{% endfor %}
</td>
<td>{{ v.analysis.state.replace('_', ' ') }}</td>
<td>{{ sub("(https://.*?)([.;]\s)", "<a href=\"\\1\">\\1</a>\\2", v.analysis.detail) }}</td>
</tr>
{% endfor %}
</table>
</div>
{% endblock content_inner %}