You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by Sven Blumenstein <sv...@apple.com.INVALID> on 2019/03/07 20:24:41 UTC
Security Contact for Solr?
Hi .*,
what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.
Thanks!
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Security Contact for Solr?
Posted by Sven Blumenstein <sv...@apple.com.INVALID>.
That was what I was looking for, I must have missed that page. Thank you!
> On 7 Mar 2019, at 21:29, Kevin Risden <kr...@apache.org> wrote:
>
> From [1] If you believe you have discovered a vulnerability in Lucene or Solr, please follow these ASF guidelines [2] for reporting it.
>
> [1] https://wiki.apache.org/solr/SolrSecurity <https://wiki.apache.org/solr/SolrSecurity>
> [2] https://www.apache.org/security/ <https://www.apache.org/security/>
>
> Kevin Risden
>
>
> On Thu, Mar 7, 2019 at 3:24 PM Sven Blumenstein <sv...@apple.com.invalid> wrote:
> Hi .*,
>
> what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.
>
> Thanks!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org <ma...@lucene.apache.org>
> For additional commands, e-mail: dev-help@lucene.apache.org <ma...@lucene.apache.org>
>
Re: Security Contact for Solr?
Posted by Kevin Risden <kr...@apache.org>.
From [1] If you believe you have discovered a vulnerability in Lucene or
Solr, please follow these ASF guidelines [2] for reporting it.
[1] https://wiki.apache.org/solr/SolrSecurity
[2] https://www.apache.org/security/
Kevin Risden
On Thu, Mar 7, 2019 at 3:24 PM Sven Blumenstein <sv...@apple.com.invalid>
wrote:
> Hi .*,
>
> what is the proper contact for reporting security vulnerabilities in Solr?
> Do you have a security@ address or a non-public mailing list/bug
> component? Unfortunately I could not find any information in that regard on
> the Solr website, hence my reach out to this mailing list.
>
> Thanks!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
>
Re: Security Contact for Solr?
Posted by Ishan Chattopadhyaya <ic...@gmail.com>.
security@lucene.apache.org
Please send your security reports here ^
On Fri, Mar 8, 2019 at 7:37 AM Martin Gainty <mg...@hotmail.com> wrote:
> svan-
>
> BECAUSE solr can deploy to n number of containers
> Jetty/Tomcat/Docker/Websphere/Weblogic (i'm certain i have omitted a few
> implementation containers)
> Implementing comprehensive PKI Infrastructure is heavily dependent on the
> container solr is deployed to
>
> i have a few spare cycles to help out if need be
>
> martin-
>
> ------------------------------
> *From:* svbl@apple.com <sv...@apple.com> on behalf of Sven Blumenstein
> <sv...@apple.com.INVALID>
> *Sent:* Thursday, March 7, 2019 3:24 PM
> *To:* dev@lucene.apache.org
> *Subject:* Security Contact for Solr?
>
> Hi .*,
>
> what is the proper contact for reporting security vulnerabilities in Solr?
> Do you have a security@ address or a non-public mailing list/bug
> component? Unfortunately I could not find any information in that regard on
> the Solr website, hence my reach out to this mailing list.
>
> Thanks!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
>
Re: Security Contact for Solr?
Posted by Gus Heck <gu...@gmail.com>.
The only supported j2ee container for recent versions is the bundled jetty.
On Thu, Mar 7, 2019, 9:08 PM Martin Gainty <mg...@hotmail.com> wrote:
> svan-
>
> BECAUSE solr can deploy to n number of containers
> Jetty/Tomcat/Docker/Websphere/Weblogic (i'm certain i have omitted a few
> implementation containers)
> Implementing comprehensive PKI Infrastructure is heavily dependent on the
> container solr is deployed to
>
> i have a few spare cycles to help out if need be
>
> martin-
>
> ------------------------------
> *From:* svbl@apple.com <sv...@apple.com> on behalf of Sven Blumenstein
> <sv...@apple.com.INVALID>
> *Sent:* Thursday, March 7, 2019 3:24 PM
> *To:* dev@lucene.apache.org
> *Subject:* Security Contact for Solr?
>
> Hi .*,
>
> what is the proper contact for reporting security vulnerabilities in Solr?
> Do you have a security@ address or a non-public mailing list/bug
> component? Unfortunately I could not find any information in that regard on
> the Solr website, hence my reach out to this mailing list.
>
> Thanks!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
>
Re: Security Contact for Solr?
Posted by Martin Gainty <mg...@hotmail.com>.
svan-
BECAUSE solr can deploy to n number of containers
Jetty/Tomcat/Docker/Websphere/Weblogic (i'm certain i have omitted a few implementation containers)
Implementing comprehensive PKI Infrastructure is heavily dependent on the container solr is deployed to
i have a few spare cycles to help out if need be
martin-
________________________________
From: svbl@apple.com <sv...@apple.com> on behalf of Sven Blumenstein <sv...@apple.com.INVALID>
Sent: Thursday, March 7, 2019 3:24 PM
To: dev@lucene.apache.org
Subject: Security Contact for Solr?
Hi .*,
what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.
Thanks!
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org