diff --git a/changelog/unreleased/PR#4555-increment_opennlp_version.yml b/changelog/unreleased/PR#4555-increment_opennlp_version.yml
new file mode 100644
index 000000000000..c67eff9eafc8
--- /dev/null
+++ b/changelog/unreleased/PR#4555-increment_opennlp_version.yml
@@ -0,0 +1,8 @@
+# See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
+title: Increment OpenNLP to 1.9.5 fixing some CVE's
+type: dependency_update # added, changed, fixed, deprecated, removed, dependency_update, security, other
+authors:
+ - name: Eric Pugh
+links:
+ - name: PR#4555
+ url: https://github.com/apache/solr/pull/4555
diff --git a/solr/licenses/opennlp-tools-1.9.4.jar.sha1 b/solr/licenses/opennlp-tools-1.9.4.jar.sha1
deleted file mode 100644
index fa7e85dd48fb..000000000000
--- a/solr/licenses/opennlp-tools-1.9.4.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-dd5c4a6d82453bcccb78ba4ac90f166366dde12b
diff --git a/solr/licenses/opennlp-tools-1.9.5.jar.sha1 b/solr/licenses/opennlp-tools-1.9.5.jar.sha1
new file mode 100644
index 000000000000..a17f09de2119
--- /dev/null
+++ b/solr/licenses/opennlp-tools-1.9.5.jar.sha1
@@ -0,0 +1 @@
+15fd24951658ae6cd2bc9ccc7f005a8bbde7b2c7
diff --git a/solr/modules/analysis-extras/build.gradle b/solr/modules/analysis-extras/build.gradle
index 09398b4ac5b5..18cdeb765605 100644
--- a/solr/modules/analysis-extras/build.gradle
+++ b/solr/modules/analysis-extras/build.gradle
@@ -31,7 +31,6 @@ dependencies {
 runtimeOnly 'org.apache.lucene:lucene-analysis-smartcn'
 runtimeOnly 'org.apache.lucene:lucene-analysis-stempel'
 implementation 'org.apache.lucene:lucene-core'
- // NOTE: Need to stay on same version of opennlp-tools as lucene-analysis-opennlp
 implementation 'org.apache.opennlp:opennlp-tools'
 implementation 'org.slf4j:slf4j-api'
diff --git a/solr/modules/langid/build.gradle b/solr/modules/langid/build.gradle
index 6ce5a13b4dbe..dc6c5516bec4 100644
--- a/solr/modules/langid/build.gradle
+++ b/solr/modules/langid/build.gradle
@@ -28,7 +28,6 @@ dependencies {
 }
 implementation 'commons-io:commons-io'
 implementation 'com.cybozu.labs:langdetect'
- // NOTE: Currently not defined in versions.props since we need to stay on same version as Lucene due to opennlp
 implementation 'org.apache.opennlp:opennlp-tools'
 implementation 'org.slf4j:slf4j-api'
diff --git a/solr/solr-ref-guide/antora.yml b/solr/solr-ref-guide/antora.yml
index 0cf97001dd35..cd4115334377 100644
--- a/solr/solr-ref-guide/antora.yml
+++ b/solr/solr-ref-guide/antora.yml
@@ -50,7 +50,7 @@ asciidoc:
 dep-version-dropwizard: '4.2.26'
 dep-version-hadoop: '3.4.1'
 dep-version-log4j: '2.21.0'
- dep-version-opennlp: '1.9.4'
+ dep-version-opennlp: '1.9.5'
 dep-version-tika: '1.28.5'
 dep-version-zookeeper: '3.9.4'
 dep-version-lucene: '9.12.3'
diff --git a/versions.lock b/versions.lock
index 1b2d685a5bae..8c916c3c2e14 100644
--- a/versions.lock
+++ b/versions.lock
@@ -252,7 +252,7 @@ org.apache.lucene:lucene-spatial-extras:9.12.3 (1 constraints: 4105623b)
 org.apache.lucene:lucene-spatial3d:9.12.3 (1 constraints: ee109eca)
 org.apache.lucene:lucene-suggest:9.12.3 (1 constraints: 4105623b)
 org.apache.lucene:lucene-test-framework:9.12.3 (1 constraints: 4105623b)
-org.apache.opennlp:opennlp-tools:1.9.4 (1 constraints: 9811cee0)
+org.apache.opennlp:opennlp-tools:1.9.5 (2 constraints: a8161c14)
 org.apache.poi:poi:5.5.1 (2 constraints: db0f56a8)
 org.apache.poi:poi-ooxml:5.5.1 (1 constraints: 0d051436)
 org.apache.poi:poi-ooxml-lite:5.5.1 (1 constraints: cf0aa7cb)
diff --git a/versions.props b/versions.props
index db559662c37a..f476945b7801 100644
--- a/versions.props
+++ b/versions.props
@@ -58,6 +58,8 @@ org.apache.kafka:*=3.9.2
 org.apache.kerby:*=2.1.0
 org.apache.logging.log4j:*=2.26.0
 org.apache.lucene:*=9.12.3
+# Override the OpenNLP tools version that Solr would otherwise inherit from Lucene
+org.apache.opennlp:opennlp-tools=1.9.5
 org.apache.poi:*=5.5.1
 org.apache.tika:*=3.3.0
 org.apache.tomcat:annotations-api=6.0.53
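Review bot: The comment added above the new `org.apache.opennlp:opennlp-tools=1.9.5` line in versions.props says what the pin does but not why it exists or when it can be removed, so the override is likely to outlive its purpose. I would record both, e.g. `# Security pin: opennlp-tools raised above the version inherited from Lucene to pick up upstream fixes; remove once Lucene itself depends on >= 1.9.5`. The two build.gradle hunks in this commit delete notes saying opennlp-tools had to stay on the same version as lucene-analysis-opennlp, and nothing visible in the diff shows that pairing was exercised with 1.9.5, so the comment or the PR should name the tests that cover it. The changelog title refers to CVEs without identifying them; listing the advisory IDs there would let downstream users match this update against their scanner findings.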