You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/05/03 13:36:00 UTC

[jira] [Commented] (SOLR-16164) ConfigSet API returns error if untrusted user creates from _default configset

    [ https://issues.apache.org/jira/browse/SOLR-16164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531198#comment-17531198 ] 

ASF subversion and git services commented on SOLR-16164:
--------------------------------------------------------

Commit d2fddf1c72e892b4ed241c1a0e7b795bb211d678 in solr's branch refs/heads/branch_9_0 from Eric Pugh
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=d2fddf1c72e ]

SOLR-16164: ConfigSet API returns error if untrusted user creates from _default configset (#825)

Co-authored-by: epugh@opensourceconnections.com <>
Co-authored-by: Kevin Risden <kr...@apache.org>


> ConfigSet API returns error if untrusted user creates from _default configset
> -----------------------------------------------------------------------------
>
>                 Key: SOLR-16164
>                 URL: https://issues.apache.org/jira/browse/SOLR-16164
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: configset-api
>    Affects Versions: 9.0
>            Reporter: Eric Pugh
>            Assignee: Kevin Risden
>            Priority: Blocker
>             Fix For: 9.0
>
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> Original title: getConfigMetadata() returns NPE if there is no metadata defined on zk node for configset
> While attempting to validate SOLR-16110, I discovered that on main, if you attempt to create a configset via the Configset API, you get a NPE.   
> Utils.fromJSON doesn't handle getting a null, and the call zkClient.getData(CONFIGS_ZKNODE + "/" + configName, null, null, true) is returning a null byte array.
> curl "http://localhost:8983/solr/admin/configs?action=CREATE&name=test&baseName=_default"



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org