lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shawn Heisey (JIRA)" <>
Subject [jira] [Updated] (SOLR-5617) Default classloader restrictions may be too tight
Date Tue, 07 Jan 2014 22:02:50 GMT


Shawn Heisey updated SOLR-5617:

    Priority: Minor  (was: Major)

> Default classloader restrictions may be too tight
> -------------------------------------------------
>                 Key: SOLR-5617
>                 URL:
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 4.6
>            Reporter: Shawn Heisey
>            Priority: Minor
>              Labels: security
>             Fix For: 5.0, 4.7
> SOLR-4882 introduced restrictions for the Solr class loader that cause resources outside
the instanceDir to fail to load.  This is a very good goal, but what if you have common resources
like included config files that are outside instanceDir but are still fully inside the solr
> I can understand not wanting to load resources from an arbitrary path, but the solr home
and its children should be about as trustworthy as instanceDir.
> Ideally I'd like to have anything that's in $\{solr.solr.home\} trusted automatically.
 If I need to define a system property to make this happen, I'm OK with that -- as long as
I don't have to turn off the safety checking entirely.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message