You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by Joel Bernstein <jo...@gmail.com> on 2018/01/03 18:32:36 UTC
Security release Lucene/Solr 6.6.3
I wanted to see if anyone objects to a 6.6.3 release which has the commits
from the following jira:
https://issues.apache.org/jira/browse/SOLR-10307
The issue is that currently in the 6x releases you can only store the SSL
keystore and truststore passwords in plain text on disk. I believe this is
a serious enough security issue to warrant a bug fix release.
I can do the back ports and volunteer to release manage.
Joel Bernstein
http://joelsolr.blogspot.com/
Re: Security release Lucene/Solr 6.6.3
Posted by Anshum Gupta <an...@apple.com>.
+1!
-Anshum
> On Jan 3, 2018, at 10:32 AM, Joel Bernstein <jo...@gmail.com> wrote:
>
> I wanted to see if anyone objects to a 6.6.3 release which has the commits from the following jira:
>
> https://issues.apache.org/jira/browse/SOLR-10307 <https://issues.apache.org/jira/browse/SOLR-10307>
>
> The issue is that currently in the 6x releases you can only store the SSL keystore and truststore passwords in plain text on disk. I believe this is a serious enough security issue to warrant a bug fix release.
>
> I can do the back ports and volunteer to release manage.
>
>
> Joel Bernstein
> http://joelsolr.blogspot.com/ <http://joelsolr.blogspot.com/>
Re: Security release Lucene/Solr 6.6.3
Posted by Ishan Chattopadhyaya <ic...@gmail.com>.
+1
On Thu, Jan 4, 2018 at 12:02 AM, Joel Bernstein <jo...@gmail.com> wrote:
> I wanted to see if anyone objects to a 6.6.3 release which has the commits
> from the following jira:
>
> https://issues.apache.org/jira/browse/SOLR-10307
>
> The issue is that currently in the 6x releases you can only store the SSL
> keystore and truststore passwords in plain text on disk. I believe this is
> a serious enough security issue to warrant a bug fix release.
>
> I can do the back ports and volunteer to release manage.
>
>
> Joel Bernstein
> http://joelsolr.blogspot.com/
>