Add changes entries for CVE-2024-45772 and related commits

This commit is contained in:
Uwe Schindler 2024-09-30 17:26:09 +02:00
parent 5ce9f6edca
commit c991212da0
1 changed files with 8 additions and 0 deletions

View File

@ -318,6 +318,12 @@ Build
======================== Lucene 9.12.0 ======================= ======================== Lucene 9.12.0 =======================
Security Fixes
---------------------
* Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator - CVE-2024-45772
(Summ3r from Vidar-Team, Robert Muir, Paul Irwin)
API Changes API Changes
--------------------- ---------------------
@ -510,6 +516,8 @@ Other
* GITHUB#13720: Add float comparison based on unit of least precision and use it to stop test failures caused by float * GITHUB#13720: Add float comparison based on unit of least precision and use it to stop test failures caused by float
summation not being associative in IEEE 754. (Alex Herbert, Stefan Vodita) summation not being associative in IEEE 754. (Alex Herbert, Stefan Vodita)
* Remove code triggering forbidden-apis regarding Java serialization. (Uwe Schindler, Robert Muir)
======================== Lucene 9.11.1 ======================= ======================== Lucene 9.11.1 =======================
Bug Fixes Bug Fixes