You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Cassandra Targett (JIRA)" <ji...@apache.org> on 2018/02/01 17:28:00 UTC
[jira] [Updated] (SOLR-11495) Reduce the list of which query
parsers are loaded by default
[ https://issues.apache.org/jira/browse/SOLR-11495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cassandra Targett updated SOLR-11495:
-------------------------------------
Docs Text: (was: Virtually all of the query parsers that Solr supports are enabled by default, in a map created in QParserPlugin.java.
To reduce the possible attack surface of a default Solr installation, I believe that the list of default parsers should be limited to a small handful of the full list that's available. I will discuss specific ideas for that list in comments.
I think the bar should be very high for admission to the default parser list. That list should only include those that are most commonly used by the community. Only the most common parsers will have had extensive review for security issues.)
> Reduce the list of which query parsers are loaded by default
> ------------------------------------------------------------
>
> Key: SOLR-11495
> URL: https://issues.apache.org/jira/browse/SOLR-11495
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: query parsers
> Affects Versions: 7.0
> Reporter: Shawn Heisey
> Priority: Major
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org