lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SOLR-5518) Move editing config files into a new handler
Date Sun, 01 Dec 2013 16:29:35 GMT

     [ https://issues.apache.org/jira/browse/SOLR-5518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Uwe Schindler updated SOLR-5518:
--------------------------------

    Description: 
See SOLR-5287. Uwe Schindler pointed out that writing files the way 5287 is a security vulnerability
and that disabling it should be the norm. Subsequent discussion came up with this idea.

Writing arbitrary config files should NOT be on by default.

We'll also incorporate Mark's idea of testing XML files before writing anywhere.

  was:
See SOLr-5287. Uwe Schindler pointed out that writing files the way 5287 is a security vulnerability
and that disabling it should be the norm. Subsequent discussion came up with this idea.

Writing arbitrary config files should NOT be on by default.

We'll also incorporate Mark's idea of testing XML files before writing anywhere.


> Move editing config files into a new handler
> --------------------------------------------
>
>                 Key: SOLR-5518
>                 URL: https://issues.apache.org/jira/browse/SOLR-5518
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 5.0, 4.7
>            Reporter: Erick Erickson
>            Assignee: Erick Erickson
>            Priority: Blocker
>         Attachments: SOLR-5518.patch
>
>
> See SOLR-5287. Uwe Schindler pointed out that writing files the way 5287 is a security
vulnerability and that disabling it should be the norm. Subsequent discussion came up with
this idea.
> Writing arbitrary config files should NOT be on by default.
> We'll also incorporate Mark's idea of testing XML files before writing anywhere.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message