First published: 2023-09-08


LOCKSS 2.x to date (2.0.72-alpha7 as of this writing), when used with its embedded Apache Solr container, is not affected by CVE-2022-39135.

The successive embedded Apache Solr containers used by default in LOCKSS 2.x up to and including version 2.0.72-alpha7, namely versions 6.6.5, 7.2.1, and 8.11.2 of Solr, are not used in the vulnerable manner described in CVE-2022-39135. No action is required if using LOCKSS 2.0.72-alpha7 or earlier with embedded Solr (the default mode).