We just published three bugfix releases of Hibernate Search: 5.6.4.Final, 5.7.3.Final and 5.8.2.Final.
These releases include, in particular, an upgrade of the Lucene dependency to 5.5.5,
which fixes CVE-2017-12629.
This vulnerability should only affect you if you use
and feed it with input from untrusted sources: this class is not used by Hibernate Search itself.
However, the upgrade is recommended even if you don’t use this class.
Here are the most notable changes:
HSEARCH-2927: the Lucene dependency was upgraded to 5.5.5, which fixes a remote code execution vulnerability: CVE-2017-12629.
HSEARCH-2868: adding elements to a persistent collection representing the reverse side of an association will now correctly trigger the reindexing of the entity if there is a field on this collection.
@CalendarBridge(encoding = EncodingType.STRING) will no longer fail at indexing time with a ClassCastException. Thanks to Tomáš Tomek for reporting this!
For a full list of changes, please refer to the release notes:
How to get these releases
All the necessary information is available (and updated regularly) on hibernate.org:
Feedback, issues, ideas?
To get in touch, use the following channels:
hibernate-search tag on Stack Overflow (usage questions)
User forum (usage questions, general feedback)
Issue tracker (bug reports, feature requests)
Mailing list (development-related discussions)