Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-13442

Lean Solr with minimal functionality

    XMLWordPrintableJSON

Details

    • Task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      With lots and lots of out of the box features come the possibility of security vulnerabilities. A managed / hosted Solr cluster should have only minimal functionality turned on.

      Through this issue, we'd like to explore the possibility of starting up Solr such that just basic cloud based indexing and querying works (under basic auth), and fancy stuff like the following be turned off (maybe by a startup parameter):

      1. Tika
      2. DIH
      3. Funky shards parameter usage (unless specific to implicit routing)
      4. HDFS
      5. Streaming expressions
      6. non whitelisted function queries (with a whitelist of only few that are essential)
      7. configset upload
      8. blob store
      9. etc.

      The motivation of this work is to have a public facing minimal Solr that is bullet proof, secure against external exposure (with the help of basic auth and rule based authorization).

      Attachments

        Issue Links

          is a parent of

          Sub-task - The sub-task of the issue SOLR-14616 Remove CDCR from 9.0

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SOLR-14621 Deprecate and eventually remove HDFS support

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-13973 Deprecate Tika

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14070 Deprecate CloudSolrClient's ZKHost constructor

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-13978 Remove bloat from default configset

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14022 Deprecate CDCR from Solr in 8.x

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14066 Deprecate DIH and migrate to a community supported package

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14071 Untrusted configsets shouldn't be allowed to use <lib> directive

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14656 Deprecate current autoscaling framework, remove from master

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-15121 Move XSLT (tr param) to scripting contrib

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14021 Deprecate HDFS support from 8x

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14065 Deprecate Velocity

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14067 Move StatelessScriptUpdateProcessor to a contrib

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14072 Deprecate plugin loading using runtimelib

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. SOLR-14783 Remove DIH from 9.0

          • Major - Major loss of function.
          • Closed
          relates to

          Task - A task that needs to be done. SOLR-6806 Reduce the size of the main Solr binary download

          • Major - Major loss of function.
          • Open

          Activity

            People

              ichattopadhyaya Ishan Chattopadhyaya
              ichattopadhyaya Ishan Chattopadhyaya
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: