You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by dw...@apache.org on 2019/12/17 12:39:20 UTC
[lucene-solr] branch gradle-master updated (8ca1d4d -> 8906c2d)
This is an automated email from the ASF dual-hosted git repository.
dweiss pushed a change to branch gradle-master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git.
from 8ca1d4d Enable security manager by default.
add b660bcd SOLR-14094: Bad-apple TestSolrCachePerf.
add 7dfea5f SOLR-14087: Changing the filestore dir name back to filestore from .filestore
add 83800c0 Fix an occasional test error caused by the maintenance trigger generating events.
add ee0b066 SOLR-14096: Stopping -Denable.packages=true from leaking to other tests
add b5a2cfb SOLR-14094: Enable this test again in master.
add dc35e57 LUCENE-9094: Ban ObjectInputStream and ObjectOutputStream in forbidden-apis
add e6b5da5 SOLR-14099: work around @LogLevel bug in LoggingHandlerTest
add db11e9e SOLR-14081: re-implement FullSolrCloudDistribCmdsTest to extend SolrCloudTestCase
add 17ef175 LUCENE-9055: Fix the detection of lines crossing triangles through edge points (#1020)
new 4c94a13 Merge remote-tracking branch 'origin/master' into gradle-master
new 8906c2d Merge forbidden APIs rules.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
gradle/validation/forbidden-apis/defaults.all.txt | 4 +
lucene/CHANGES.txt | 4 +-
.../analysis/cn/smart/hhmm/BigramDictionary.java | 3 +
.../analysis/cn/smart/hhmm/WordDictionary.java | 3 +
.../src/java/org/apache/lucene/geo/EdgeTree.java | 44 +-
.../src/java/org/apache/lucene/geo/Polygon2D.java | 8 +-
.../facet/taxonomy/writercache/CharBlockArray.java | 4 +
.../lucene/replicator/http/HttpClientBase.java | 2 +
.../lucene/replicator/http/ReplicationService.java | 2 +
.../src/java/org/apache/lucene/geo/Line2D.java | 2 +-
.../apache/lucene/document/TestLatLonShape.java | 40 +
lucene/tools/forbiddenApis/base.txt | 4 +
.../stream/AnalyticsShardResponseParser.java | 2 +
.../response/AnalyticsShardResponseWriter.java | 2 +
.../org/apache/solr/filestore/PackageStoreAPI.java | 2 +-
.../solr/cloud/FullSolrCloudDistribCmdsTest.java | 946 ++++++++-------------
.../autoscaling/sim/TestSnapshotCloudManager.java | 4 +
.../solr/filestore/TestDistribPackageStore.java | 13 +-
.../solr/handler/admin/LoggingHandlerTest.java | 9 +-
.../src/test/org/apache/solr/pkg/TestPackages.java | 13 +-
.../org/apache/solr/rest/TestManagedResource.java | 5 +
.../org/apache/solr/client/solrj/SolrResponse.java | 3 +
.../apache/solr/client/solrj/SolrQueryTest.java | 3 +
23 files changed, 490 insertions(+), 632 deletions(-)
[lucene-solr] 01/02: Merge remote-tracking branch 'origin/master'
into gradle-master
Posted by dw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
dweiss pushed a commit to branch gradle-master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
commit 4c94a13e696868f28313d018581118352497b0a0
Merge: 8ca1d4d 17ef175
Author: Dawid Weiss <dw...@apache.org>
AuthorDate: Tue Dec 17 13:38:14 2019 +0100
Merge remote-tracking branch 'origin/master' into gradle-master
lucene/CHANGES.txt | 4 +-
.../analysis/cn/smart/hhmm/BigramDictionary.java | 3 +
.../analysis/cn/smart/hhmm/WordDictionary.java | 3 +
.../src/java/org/apache/lucene/geo/EdgeTree.java | 44 +-
.../src/java/org/apache/lucene/geo/Polygon2D.java | 8 +-
.../facet/taxonomy/writercache/CharBlockArray.java | 4 +
.../lucene/replicator/http/HttpClientBase.java | 2 +
.../lucene/replicator/http/ReplicationService.java | 2 +
.../src/java/org/apache/lucene/geo/Line2D.java | 2 +-
.../apache/lucene/document/TestLatLonShape.java | 40 +
lucene/tools/forbiddenApis/base.txt | 4 +
.../stream/AnalyticsShardResponseParser.java | 2 +
.../response/AnalyticsShardResponseWriter.java | 2 +
.../org/apache/solr/filestore/PackageStoreAPI.java | 2 +-
.../solr/cloud/FullSolrCloudDistribCmdsTest.java | 946 ++++++++-------------
.../autoscaling/sim/TestSnapshotCloudManager.java | 4 +
.../solr/filestore/TestDistribPackageStore.java | 13 +-
.../solr/handler/admin/LoggingHandlerTest.java | 9 +-
.../src/test/org/apache/solr/pkg/TestPackages.java | 13 +-
.../org/apache/solr/rest/TestManagedResource.java | 5 +
.../org/apache/solr/client/solrj/SolrResponse.java | 3 +
.../apache/solr/client/solrj/SolrQueryTest.java | 3 +
22 files changed, 486 insertions(+), 632 deletions(-)
[lucene-solr] 02/02: Merge forbidden APIs rules.
Posted by dw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
dweiss pushed a commit to branch gradle-master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
commit 8906c2ddbe2f22887eb3dcbddd7976d8637bfd40
Author: Dawid Weiss <dw...@apache.org>
AuthorDate: Tue Dec 17 13:39:10 2019 +0100
Merge forbidden APIs rules.
---
gradle/validation/forbidden-apis/defaults.all.txt | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/gradle/validation/forbidden-apis/defaults.all.txt b/gradle/validation/forbidden-apis/defaults.all.txt
index 0a81d03..1e9a706 100644
--- a/gradle/validation/forbidden-apis/defaults.all.txt
+++ b/gradle/validation/forbidden-apis/defaults.all.txt
@@ -58,3 +58,7 @@ java.lang.Float#<init>(double)
java.lang.Float#<init>(java.lang.String)
java.lang.Double#<init>(double)
java.lang.Double#<init>(java.lang.String)
+
+@defaultMessage Java deserialization is unsafe when the data is untrusted. The java developer is powerless: no checks or casts help, exploitation can happen in places such as clinit or finalize!
+java.io.ObjectInputStream
+java.io.ObjectOutputStream