oss-sec mailing list archives

CVE request: Apache Solr 4.6.0


From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Wed, 27 Nov 2013 00:06:53 +0100

Hello,

Apache Solr 4.6.0 was released a few days ago. This version includes a
fix for bug SOLR-4882 (directory traversal when accessing XSLT
stylesheets and Velocity templates):
http://lucene.apache.org/solr/4_6_0/changes/Changes.html#v4.6.0.security
https://issues.apache.org/jira/browse/SOLR-4882

If the user can store his own files on the server, this vulnerability
could be abused to gain remote code execution.

Regards,
Nicolas Grégoire
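
The containment check that this class of bug calls for, as an added example that is not part of the original post and not Solr's own code. The class name, directory layout and file names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper for illustration; not taken from Solr.
public class ContainedResourceResolver {
    private final Path baseDir;
    public ContainedResourceResolver(Path baseDir) throws IOException {
        // Canonicalise once so every later comparison uses the real location.
        this.baseDir = baseDir.toRealPath();
    }

    // Resolve a client-supplied stylesheet or template name inside baseDir only.
    public Path resolve(String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new SecurityException("invalid resource name");
        }
        // normalize() collapses ".." segments; an absolute name discards baseDir.
        Path candidate = baseDir.resolve(name).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("outside resource directory: " + name);
        }
        // toRealPath() follows symlinks, so a link pointing out of baseDir fails too.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("outside resource directory: " + name);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: conf/xslt holds stylesheets, conf/ holds a stray file.
        Path conf = Files.createTempDirectory("conf");
        Path xslt = Files.createDirectory(conf.resolve("xslt"));
        byte[] body = "<stylesheet/>".getBytes(StandardCharsets.UTF_8);
        Files.write(xslt.resolve("example.xsl"), body);
        Files.write(conf.resolve("stored-elsewhere.xsl"), body);
        ContainedResourceResolver r = new ContainedResourceResolver(xslt);
        String[] names = {"example.xsl", "../stored-elsewhere.xsl", conf.resolve("stored-elsewhere.xsl").toString()};
        for (String n : names) {
            try {
                System.out.println("allowed:  " + r.resolve(n));
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first name is allowed. The relative and absolute references to the file stored outside the stylesheet directory are both rejected, which is the property that keeps a user-stored file from being loaded as a stylesheet or template.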



