We just published three bugfix releases of Hibernate Search: 5.6.4.Final, 5.7.3.Final and 5.8.2.Final.
Those releases include in particular an upgrade of the Lucene dependency to 5.5.5,
which fixes CVE-2017-12629.
This vulnerability should only affect you if you use org.apache.lucene.queryparser.xml.CoreParser
and feed it with input from untrusted sources: this class is not used by Hibernate Search itself.
However, the upgrade is recommended even if you don’t use this class.
As you can see, the Hibernate websites
(hibernate.org and in.relation.to)
just got a facelift!
We made them prettier than ever, but we also added more information
and made sure that you will find what you want even more easily than before.
Just a quick heads-up to French-speaking developers:
I will be presenting the Elasticsearch integration in Hibernate Search at the Strasbourg Java User Group (ElsassJUG) meetup,
at 7 PM on Wednesday 26th of April.
I will briefly introduce full-text search (why and how it’s done),
then present how to use Hibernate Search to keep Lucene indexes in sync with your Hibernate ORM entities,
and I will show you how easy it is to target Elasticsearch instead of local Lucene indexes since Hibernate Search 5.6.0.
For more information about the location or to register,
please refer to the Meetup page.