Fixed Issues in Apache Solr

Review the list of Solr issues that are resolved in Cloudera Runtime 7.2.17.

CDPD-50032: Solr: CVE-2023-24998: upgrade commons-fileupload library to version 1.5
Backported upstream JIRAs SOLR-14250 and SOLR-14461, which remove the use of commons-fileupload (and use Jetty instead).
CDPD-44607 and CDPD-46198: Upgrade jsoup to 1.15.3 to fix CVE-2021-37714 and CVE-2022-36033
Upgraded the jsoup version as part of the CVE fix.
CDPD-45967: Upgrade hsqldb to 2.7.1 due to CVE-2022-41853
Upgraded the HSQLDB version as part of the CVE fix.

Apache Patch Information

None

Technical Service Bulletins

TSB-847: CVE-2025-30065 Apache Parquet vulnerability
On April 1, 2025, a critical vulnerability in the parquet-avro module of Apache Parquet (CVE-2025-30065, CVSS score 10.0) was announced.

Remediation for affected versions

The Cloudera Search release is patched through the CDP updates for Public Cloud and Private Cloud Base.

Vulnerability details

Exploiting this vulnerability is only possible by modifying the accepted schema used for translating Parquet files and then submitting a specifically crafted malicious file.

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Attackers may be able to modify unexpected objects or data that was assumed to be safe from modification. Deserialized data or code could be modified without using the provided accessor functions, or unexpected functions could be invoked.

Deserialization vulnerabilities most commonly lead to undefined behavior, such as memory modification or remote code execution.

Action required - Mitigation for affected Cloudera products:

Until the upgrade with Apache Parquet 1.15.1 or higher is available:
  1. Use a File Integrity Monitoring (FIM) solution. This allows administrators to monitor files at the filesystem level and receive alerts on any unexpected or suspicious activity in the schema configuration.
  2. Monitor network activity for any transmission of Parquet files, and alert on any unexpected activity.
  3. Be cautious with Parquet files from unknown or untrusted sources. If possible, do not process files with uncertain origin or that came from outside the organization.
  4. Ensure that only authorized users have access to endpoints that ingest Parquet files.

For the latest update on this issue, see the corresponding Knowledge Article: TSB 2025-847: Critical Apache Parquet vulnerability CVE-2025-30065