lucene-dev mailing list archives

From Erik Hatcher <e...@ehatchersolutions.com>
Subject Re: Lucene code review
Date Fri, 15 Dec 2006 15:00:35 GMT
I have an account and I recommend at least a couple of the really  
active committers sign on as well.  Yonik for sure! ;)   Doug, of  
course (if he wants).  Anyone else?

	Erik



On Dec 15, 2006, at 1:42 AM, Brian Chess wrote:

> Hi Erik, thanks for the intro.  I'd be happy to set up an account for anyone
> involved with the projects who'd like to take a look.  (Because we're
> checking for security problems, we don't share specific findings with the
> general public.)
>
> Erik is right, from Lucene, Nutch, and Solr, the most important things we
> found were the cross-site scripting bugs in Solr.  There are a few more bugs
> that I think are worth looking at, but nothing to get worked up about.
>
> Brian
>
>> From: Erik Hatcher <erik@ehatchersolutions.com>
>> Date: Thu, 14 Dec 2006 23:43:33 -0500
>> To: <java-dev@lucene.apache.org>
>> Cc: Brian Chess <brian@fortifysoftware.com>, Gary McGraw <gem@cigital.com>
>> Subject: Re: Lucene code review
>>
>>
>> On Dec 13, 2006, at 1:00 AM, Otis Gospodnetic wrote:
>>> Just spotted this on Slashdot:  http://opensource.fortifysoftware.com/welcome.html
>>> I wonder what the 3 defects they found and reviewed are... I don't
>>> see a way to see them from their site.
>>
>> I had an early peek at the Fortify analysis of several open source
>> projects, primarily Lucene, Nutch, and Solr.  Lucene and Nutch both
>> had very minor cosmetic issues (don't recall off the top of my head
>> what they were).  Solr had cross-site scripting issues in its JSP
>> pages, which I think are now all fixed (?).
>>
>> Brian Chess at Fortify was instrumental in the analysis and is eager
>> to work with open source communities closely to have these types of
>> analyses automated and useful to the projects.  I'm sure we'll hear
>> more from his organization in the near future.
>>
>> Erik
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: java-dev-help@lucene.apache.org



