Details
- Task
- Status: Open
- Major
- Resolution: Unresolved
Description
With lots and lots of out-of-the-box features comes the possibility of security vulnerabilities. A managed / hosted Solr cluster should have only minimal functionality turned on.
Through this issue, we'd like to explore the possibility of starting up Solr such that just basic cloud-based indexing and querying works (under basic auth), and fancy stuff like the following be turned off (maybe by a startup parameter):
- Tika
- DIH
- Funky shards parameter usage (unless specific to implicit routing)
- HDFS
- Streaming expressions
- non-whitelisted function queries (with a whitelist of only a few that are essential)
- configset upload
- blob store
- etc.
The motivation of this work is to have a public-facing minimal Solr that is bulletproof, secure against external exposure (with the help of basic auth and rule-based authorization).
Issue Links
- is a parent of
  - SOLR-14616 Remove CDCR from 9.0 (Closed)
  - SOLR-14621 Deprecate and eventually remove HDFS support (Resolved)
  - SOLR-13973 Deprecate Tika (Open)
  - SOLR-14070 Deprecate CloudSolrClient's ZKHost constructor (Open)
  - SOLR-13978 Remove bloat from default configset (Closed)
  - SOLR-14022 Deprecate CDCR from Solr in 8.x (Closed)
  - SOLR-14066 Deprecate DIH and migrate to a community supported package (Closed)
  - SOLR-14071 Untrusted configsets shouldn't be allowed to use <lib> directive (Closed)
  - SOLR-14656 Deprecate current autoscaling framework, remove from master (Closed)
  - SOLR-15121 Move XSLT (tr param) to scripting contrib (Closed)
  - SOLR-14021 Deprecate HDFS support from 8x (Closed)
  - SOLR-14065 Deprecate Velocity (Closed)
  - SOLR-14067 Move StatelessScriptUpdateProcessor to a contrib (Closed)
  - SOLR-14072 Deprecate plugin loading using runtimelib (Closed)
  - SOLR-14783 Remove DIH from 9.0 (Closed)
- relates to
  - SOLR-6806 Reduce the size of the main Solr binary download (Resolved)
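An added example, not part of the issue or of the Solr project: a small auditor that scans a collection's solrconfig.xml for several of the features this issue and its sub-tasks want disabled or removed. The class names are the stock Solr 8.x names matched by simple name (an assumption about the deployed version), the sample config is constructed, and features exposed outside solrconfig.xml, such as implicit handlers, are not covered.

```python
import xml.etree.ElementTree as ET

# Simple class names (matched as the last dotted component of the "class"
# attribute) mapped to the feature named on this page.
# Assumption: stock Solr 8.x class names.
RISKY_CLASSES = {
    "DataImportHandler": "DIH",
    "ExtractingRequestHandler": "Tika",
    "HdfsDirectoryFactory": "HDFS",
    "CdcrRequestHandler": "CDCR",
    "CdcrUpdateLog": "CDCR",
    "VelocityResponseWriter": "Velocity",
    "XSLTResponseWriter": "XSLT",
    "StatelessScriptUpdateProcessorFactory": "script update processor",
}

def audit_solrconfig(xml_text):
    """Return sorted (feature, detail) findings for one solrconfig.xml."""
    # Stdlib parser; for configsets from untrusted sources prefer defusedxml.
    root = ET.fromstring(xml_text)
    findings = set()
    for el in root.iter():
        # <lib> pulls extra jars onto the classpath (see SOLR-14071).
        if el.tag == "lib":
            findings.add(("<lib> directive", el.get("dir") or el.get("path") or ""))
        # runtimeLib="true" marks a plugin loaded at runtime (see SOLR-14072).
        if el.get("runtimeLib", "").lower() == "true":
            findings.add(("runtimeLib plugin", el.get("name") or el.tag))
        simple = el.get("class", "").rsplit(".", 1)[-1]
        if simple in RISKY_CLASSES:
            findings.add((RISKY_CLASSES[simple], el.get("name") or el.tag))
    return sorted(findings)

# Constructed sample config, not taken from a real deployment.
SAMPLE = """<config>
  <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib"/>
  <directoryFactory name="DirectoryFactory" class="solr.HdfsDirectoryFactory"/>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <requestHandler name="/update/extract" class="solr.extraction.ExtractingRequestHandler"/>
  <requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler"/>
  <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter"/>
</config>"""

if __name__ == "__main__":
    for feature, detail in audit_solrconfig(SAMPLE):
        print(f"{feature}: {detail}")
```

An empty result only means none of the listed classes or directives appear in that file; it says nothing about authentication or authorization settings.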