You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Uwe Schindler (JIRA)" <ji...@apache.org> on 2018/05/06 13:09:00 UTC
[jira] [Updated] (SOLR-12317) Improve EmptyEntityResolver to throw
exceptions instead of silently returning an empty input stream
[ https://issues.apache.org/jira/browse/SOLR-12317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Uwe Schindler updated SOLR-12317:
---------------------------------
Affects Version/s: 7.3
> Improve EmptyEntityResolver to throw exceptions instead of silently returning an empty input stream
> ---------------------------------------------------------------------------------------------------
>
> Key: SOLR-12317
> URL: https://issues.apache.org/jira/browse/SOLR-12317
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 7.3
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Priority: Major
> Fix For: 7.4, master (8.0)
>
>
> In the past we always secured all XML parsers used by solr that consumed XML from the network to silently return an empty input stream for all external entities. This was done to not break any client applications at that time.
> Now, 5 years later, we should really simply throw an Exception instead, so user is informed that you cannot pass external entities or xincludes to those endpoints.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org