lucene-dev mailing list archives

From Tom Burton-West <>
Subject Solr 4.7 example solrconfig.xml has confusing comments about a security vulnerability
Date Wed, 09 Apr 2014 17:13:51 GMT
In /SOLR-5522 the handler configuration code for the admin/fileedit
request handler which would allow modification of Solr Config files was
removed from the example solrconfig.xml, but the comments were left in the
example file.

Thus the warning (appended below) was left in the example solrconfig.xml.
I spent a bit of time trying to figure out how the ping/healthcheck
request handler would allow the Solr UI to edit config files before I
figured out that the comment applied to a request handler that had been
removed from the example file.

Should I open a JIRA issue and provide a patch?


    Enabling this request handler (which is NOT a default part of the admin handler) will allow the Solr UI to edit
    all the config files. This is intended for secure/development use ONLY! Leaving available and publically
    accessible is a security vulnerability and should be done with extreme
  <!-- ping/healthcheck -->
  <requestHandler name="/admin/ping" class="solr.PingRequestHandler">
    <lst name="invariants">

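An added example, not part of the original message or of Solr: a check that answers the question the stale comment raised, namely which request handlers a solrconfig.xml actually registers as opposed to which ones are only described in comments. The function name, the result keys, both sample configs and the placeholder class name are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

EDIT_HANDLER = "/admin/fileedit"  # handler name as given in the message
WARNING = re.compile(r"edit\s+all\s+the\s+config\s+files")  # phrase from the quoted comment

def audit_handlers(solrconfig_text):
    """Report which request handlers are live, ignoring anything inside XML comments."""
    # ElementTree discards comments while parsing, so only registered handlers remain.
    root = ET.fromstring(solrconfig_text)
    active = {h.get("name"): h.get("class") for h in root.iter("requestHandler")}
    comments = re.findall(r"<!--(.*?)-->", solrconfig_text, flags=re.DOTALL)
    # Handler declarations that exist only inside comments (disabled, not removed).
    commented_out = [n for c in comments
                     for n in re.findall(r'<requestHandler\b[^>]*\bname="([^"]+)"', c)]
    has_warning = any(WARNING.search(c) for c in comments)
    return {
        "active": active,
        "edit_handler_active": EDIT_HANDLER in active,
        "commented_out": commented_out,
        # Warning text with no matching live handler: the situation in the message.
        "stale_warning": has_warning and EDIT_HANDLER not in active,
    }

# Constructed sample shaped like the excerpt: warning comment kept, handler gone.
SAMPLE_STALE = """<config>
  <!--
    Enabling this request handler (which is NOT a default part of the admin
    handler) will allow the Solr UI to edit all the config files.
  -->
  <!-- ping/healthcheck -->
  <requestHandler name="/admin/ping" class="solr.PingRequestHandler">
    <lst name="invariants"><str name="q">solrpingquery</str></lst>
  </requestHandler>
</config>"""

# Constructed sample with the handler registered; the class name is a placeholder.
SAMPLE_ENABLED = SAMPLE_STALE.replace(
    "</config>",
    '  <requestHandler name="/admin/fileedit" class="placeholder.EditHandler"/>\n</config>')

if __name__ == "__main__":
    for label, text in (("stale", SAMPLE_STALE), ("enabled", SAMPLE_ENABLED)):
        print(label, audit_handlers(text))
```

The phrase match for the warning is a heuristic tied to the wording quoted in the message; the `active` map is the authoritative part of the result.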