Lucene Package Update to Address CVE-2024-43383 (#17942)

* Update Lucene Package to 4.8.0-beta00017

* Add Package Reference

---------

Co-authored-by: Sebastiaan Janssen <[email protected]>

Author: amsclark

Directory.Packages.props

@@ -91,11 +91,13 @@
     <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
     <!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
     <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.7.1" />
+    <!-- Examine.Lucene bring in a vulnerable version of Lucene.Net.Replicator -->
+    <PackageVersion Include="Lucene.Net.Replicator" Version="4.8.0-beta00017" />
     <!-- Both OpenIddict.AspNetCore, Microsoft.EntityFrameworkCore.* bring in a vulnerable version of Microsoft.Extensions.Caching.Memory -->
     <PackageVersion Include="Microsoft.Extensions.Caching.Memory" Version="8.0.1" />
     <!-- Both Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer,NPoco.SqlServer, and more bring in a vulnerable version of System.Text.Json -->
     <PackageVersion Include="System.Text.Json" Version="8.0.5" />
     <!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Microsoft.Data.SqlClient -->
     <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.2.2" />
   </ItemGroup>
-</Project>
+</Project>

src/Umbraco.Examine.Lucene/Umbraco.Examine.Lucene.csproj

@@ -10,6 +10,8 @@
     <PackageReference Include="Examine" />
     <!-- Take top-level depedendency on System.Security.Cryptography.Xml, because Examine depends on a vulnerable version -->
     <PackageReference Include="System.Security.Cryptography.Xml" />
+    <!-- Take top-level depedendency on Lucene.Net.Replicator-->
+    <PackageReference Include="Lucene.Net.Replicator" />
   </ItemGroup>
 
   <ItemGroup>