You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2021/12/04 00:22:00 UTC

[jira] [Updated] (SOLR-15826) ResourceLoader should better respect allowed paths

     [ https://issues.apache.org/jira/browse/SOLR-15826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl updated SOLR-15826:
-------------------------------
    Fix Version/s: main (9.0)
                   8.11.1

> ResourceLoader should better respect allowed paths
> --------------------------------------------------
>
>                 Key: SOLR-15826
>                 URL: https://issues.apache.org/jira/browse/SOLR-15826
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: main (9.0), 8.11.1
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> ResourceLoader only returns files relative to instanceDir or resources from Classpath, but the check for whether the requested resource is relative to instanceDir or not happens after an attempt to check if the file exists. This can cause weird bugs, so we should move the check earlier.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org