You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Ishan Chattopadhyaya (Jira)" <ji...@apache.org> on 2019/12/11 00:09:00 UTC

[jira] [Created] (SOLR-14049) Disable Config APIs by default

Ishan Chattopadhyaya created SOLR-14049:
-------------------------------------------

             Summary: Disable Config APIs by default
                 Key: SOLR-14049
                 URL: https://issues.apache.org/jira/browse/SOLR-14049
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Ishan Chattopadhyaya
             Fix For: 8.4


Spin off from SOLR-13978. This is not my proposal (I support this only conditionally), I'm just opening the JIRA.

Proposal is to do this by 8.4. Reason is that Config APIs have been used in the past to invoke RCE vulnerabilities in some components of Solr.

The discussion has happened in SOLR-13978. I am willing to do the work once we have agreement on this.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org