You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Isabelle Giguere (Jira)" <ji...@apache.org> on 2021/02/02 16:41:00 UTC
[jira] [Commented] (SOLR-14886) Suppress stack trace in Query response.
[ https://issues.apache.org/jira/browse/SOLR-14886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17277272#comment-17277272 ]
Isabelle Giguere commented on SOLR-14886:
-----------------------------------------
Patch off current Solr master branch (9.x)
- Add a property "hideStackTrace" to solr.xml
- In NodeConfig, the default value is "false", for back-compatibility.
- Use the new property in ResponseUtils, to print out, or not, the stack trace.
- Adapt code that calls ResponseUtils
- Add documentation in Ref Guide
There's no direct path between solr.xml and ResponseUtils, or any class that uses ResponseUtils, so the "hideStackTrace" property is duplicated in CoreContainer, just so it lives in a place where it can be read. May not be the best approach.
Note that the patch cannot fix the cases where the error message (<str name="msg">)contains the full stack trace.
> Suppress stack trace in Query response.
> ---------------------------------------
>
> Key: SOLR-14886
> URL: https://issues.apache.org/jira/browse/SOLR-14886
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 8.6.2
> Reporter: Vrinda Davda
> Priority: Minor
> Attachments: SOLR-14886.patch, SOLR-14886.patch
>
>
> Currently there is no way to suppress the stack trace in solr response when it throws an exception, like when a client sends a badly formed query string, or exception with status 500 It sends full stack trace in the response.
> I would propose a configuration for error messages so that the stack trace is not visible to avoid any sensitive information in the stack trace.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org