We just published three bugfix releases of Hibernate Search: 5.6.4.Final, 5.7.3.Final and 5.8.2.Final.
These releases include, in particular, an upgrade of the Lucene dependency to 5.5.5,
which fixes CVE-2017-12629.
This vulnerability should only affect you if you use org.apache.lucene.queryparser.xml.CoreParser
and feed it input from untrusted sources. Hibernate Search itself does not use this class.
However, the upgrade is recommended even if you don’t use this class.

Another week, another Hibernate Validator release. You might ask why we are releasing a new maintenance version of the 6.0 branch so soon: it is mostly to provide a patch for WildFly 11 Final, but it is also packed with nice enhancements!
This is a recommended upgrade for everyone using Hibernate Validator 6.0.x, and it is a drop-in replacement for 6.0.3.Final.