lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Branham, Jeremy (Experis)" <>
Subject Re: Re: Suppress stack trace in error response
Date Fri, 22 Feb 2019 15:44:49 GMT
Thanks Edwin – You’re right, I could explain that a bit more.
My security team has run a scan against the SOLR servers and identified a few things they
want suppressed, one being the stack trace in an error message.

For example –
<lst name="responseHeader">
<int name="status">500</int>
<int name="QTime">1</int>
<lst name="params">
<str name="rows">`</str>
<lst name="error">
<str name="msg">For input string: "`"</str>
<str name="trace">
java.lang.NumberFormatException: For input string: "`" at java.lang.NumberFormatException.forInputString(
at …

I’ve got a long-term solution involving middleware changes, but I’m not sure there is
a quick fix for this.

Jeremy Branham

On 2/21/19, 9:53 PM, "Zheng Lin Edwin Yeo" <> wrote:

    There's too little information provided in your questions.
    You can explain more on the issue or the exception that you are facing.
    On Thu, 21 Feb 2019 at 23:45, Branham, Jeremy (Experis) <>
    > When Solr throws an exception, like when a client sends a badly formed
    > query string, is there a way to suppress the stack trace in the error
    > response?
    > Jeremy Branham
    > Allstate Insurance Company | UCV Technology Services | Information
    > Services Group

View raw message