We just published three bugfix releases of Hibernate Search: 5.6.4.Final, 5.7.3.Final and 5.8.2.Final.
Those releases include in particular an upgrade of the Lucene dependency to 5.5.5,
which fixes CVE-2017-12629.
This vulnerability should only affect you if you use
and feed it with input from untrusted sources: this class is not used by Hibernate Search itself.
However, the upgrade is recommended even if you don’t use this class.
Here are the most notable changes:
HSEARCH-2868: adding elements to a persistent collection representing the reverse side of an association will now correctly trigger the reindexing of the entity if there is a field on this collection.
@CalendarBridge(encoding = EncodingType.STRING)will no longer fail at indexing time with a
ClassCastException. Thanks to Tomáš Tomek for reporting this!
For a full list of changes, please refer to the release notes: