umbraco · amsclark · Jan 10, 2025 · Jan 10, 2025
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -91,5 +91,7 @@
     <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
     <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
     <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.7.1" />
+    <!-- Examine.Lucene bring in a vulnerable version of Lucene.Net.Replicator -->
+    <PackageVersion Include="Lucene.Net.Replicator" Version="4.8.0-beta00017" />
   </ItemGroup>
-</Project>
+</Project>
diff --git a/src/Umbraco.Examine.Lucene/Umbraco.Examine.Lucene.csproj b/src/Umbraco.Examine.Lucene/Umbraco.Examine.Lucene.csproj
@@ -10,6 +10,8 @@
     <PackageReference Include="Examine" />
     <!-- Take top-level depedendency on System.Security.Cryptography.Xml, because Examine depends on a vulnerable version -->
     <PackageReference Include="System.Security.Cryptography.Xml" />
+    <!-- Take top-level depedendency on Lucene.Net.Replicator-->
+    <PackageReference Include="Lucene.Net.Replicator" />
   </ItemGroup>
 
   <ItemGroup>