Security release Lucene/Solr 6.6.3

[Joel Bernstein <jo...@gmail.com>]

I wanted to see if anyone objects to a 6.6.3 release which has the commits
from the following jira:

https://issues.apache.org/jira/browse/SOLR-10307

The issue is that currently in the 6x releases you can only store the SSL
keystore and truststore passwords in plain text on disk. I believe this is
a serious enough security issue to warrant a bug fix release.

I can do the back ports and volunteer to release manage.


Joel Bernstein
http://joelsolr.blogspot.com/

Re: Security release Lucene/Solr 6.6.3

[Anshum Gupta <an...@apple.com>]

+1!

-Anshum



> On Jan 3, 2018, at 10:32 AM, Joel Bernstein <jo...@gmail.com> wrote:
> 
> I wanted to see if anyone objects to a 6.6.3 release which has the commits from the following jira:
> 
> https://issues.apache.org/jira/browse/SOLR-10307 <https://issues.apache.org/jira/browse/SOLR-10307>
> 
> The issue is that currently in the 6x releases you can only store the SSL keystore and truststore passwords in plain text on disk. I believe this is a serious enough security issue to warrant a bug fix release.
> 
> I can do the back ports and volunteer to release manage.
> 
> 
> Joel Bernstein
> http://joelsolr.blogspot.com/ <http://joelsolr.blogspot.com/>

Re: Security release Lucene/Solr 6.6.3

[Ishan Chattopadhyaya <ic...@gmail.com>]

+1

On Thu, Jan 4, 2018 at 12:02 AM, Joel Bernstein <jo...@gmail.com> wrote:

> I wanted to see if anyone objects to a 6.6.3 release which has the commits
> from the following jira:
>
> https://issues.apache.org/jira/browse/SOLR-10307
>
> The issue is that currently in the 6x releases you can only store the SSL
> keystore and truststore passwords in plain text on disk. I believe this is
> a serious enough security issue to warrant a bug fix release.
>
> I can do the back ports and volunteer to release manage.
>
>
> Joel Bernstein
> http://joelsolr.blogspot.com/
>