Posted to dev@lucene.apache.org by "Hoss Man (JIRA)" <ji...@apache.org> on 2015/11/24 02:01:12 UTC

[jira] [Reopened] (SOLR-8307) XXE Vulnerability

     [ https://issues.apache.org/jira/browse/SOLR-8307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hoss Man reopened SOLR-8307:
----------------------------

The commits made for this issue have broken the trunk and 5x builds because they cause the javadocs to produce broken links.

Some of the affected classes have fundamental problems that can/should be fixed in SOLR-8333, but independent of that, this commit -- and the creation of solr/solrj/src/java/org/apache/solr/util/ which competes with solr/core/src/java/org/apache/solr/util/ -- is breaking the build.

Erik: can you please revert this until a better solution is found? (I thought you mentioned earlier today that you would do this -- but that was ~8 hours ago and I've seen you make several other commits & JIRA comments since then w/o actually addressing the immediate problem.) So I'm asking you now explicitly: please revert until this issue can be fixed in a way that does not break the build.

> XXE Vulnerability
> -----------------
>
>                 Key: SOLR-8307
>                 URL: https://issues.apache.org/jira/browse/SOLR-8307
>             Project: Solr
>          Issue Type: Bug
>          Components: UI
>    Affects Versions: 5.3
>            Reporter: Adam Johnson
>            Assignee: Erik Hatcher
>            Priority: Blocker
>             Fix For: 5.4, Trunk
>
>         Attachments: SOLR-8307.patch, SOLR-8307.patch
>
>
> Use the drop-down in the left menu to select a core. Use the “Watch Changes” feature under the “Plugins / Stats” option. When submitting the changes, XML is passed in the “stream.body” parameter and is vulnerable to XXE.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
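The issue description above says that XML submitted in the "stream.body" parameter is parsed with external entities enabled. The following is an added example, not code from Solr or from the SOLR-8307 patch, that shows the failure mode with plain JAXP: a DOCTYPE declares an external entity pointing at a local file, the default DocumentBuilder expands it into the document text, and a factory with DOCTYPEs and external entities disabled refuses the same payload. The temp file, the `<add>`/`<doc>` wrapper and the method names are assumptions for illustration; it needs Java 11+ for Files.writeString and the JDK's built-in Xerces parser for the feature URIs.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class XxeDemo {

    // Constructed stand-in for any file the Solr process can read (e.g. /etc/passwd).
    static Path writeSecret() throws Exception {
        Path p = Files.createTempFile("xxe-secret", ".txt");
        Files.writeString(p, "s3cr3t");
        return p;
    }

    // A stream.body-style payload (assumed shape): the DOCTYPE declares an
    // external general entity whose SYSTEM id is a file: URI on the server.
    static String payload(Path secret) {
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE x [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
             + "<add><doc><field name=\"id\">&xxe;</field></doc></add>";
    }

    // Default JAXP configuration: DOCTYPE accepted, external entities resolved,
    // so the file contents end up inside the parsed document.
    static String parseUnsafe(String xml) throws Exception {
        DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        Document doc = db.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent().trim();
    }

    // Hardened factory: reject any DOCTYPE outright (no entity declarations at all),
    // and belt-and-braces disable external entities, external DTD loading and XInclude
    // in case a caller ever relaxes the first feature.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Same parse as above but through the hardened factory; the payload's DOCTYPE
    // makes this throw SAXParseException before any entity is resolved.
    static String parseHardened(String xml) throws Exception {
        DocumentBuilder db = hardenedFactory().newDocumentBuilder();
        Document doc = db.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        Path secret = writeSecret();
        String xml = payload(secret);
        try {
            // Unsafe path: prints "unsafe parser returned: s3cr3t" (the file contents leaked).
            System.out.println("unsafe parser returned: " + parseUnsafe(xml));
            try {
                parseHardened(xml);
                System.out.println("hardened parser unexpectedly accepted the DOCTYPE");
            } catch (SAXParseException e) {
                // Expected: "DOCTYPE is disallowed when the feature ... is set to true".
                System.out.println("hardened parser rejected payload: " + e.getMessage());
            }
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

Run it with `javac XxeDemo.java && java XxeDemo`. The check a practitioner wants is the second one: any parser that handles untrusted request bodies should fail closed on a DOCTYPE, because disabling only external general entities still leaves parameter entities and DTD fetches as exfiltration and SSRF channels.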

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org