Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14049

Disable Config APIs by default

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • None
    • None
    • None
    • None

    Description

      Spin off from SOLR-13978. This is not my proposal (I support this only conditionally), I'm just opening the JIRA.

      Proposal is to do this by 8.4. Reason is that Config APIs have been used in the past to invoke RCE vulnerabilities in some components of Solr.

      The discussion has happened in SOLR-13978. I am willing to do the work once we have agreement on this.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-15772 More visible security warnings in Admin UI

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              ichattopadhyaya Ishan Chattopadhyaya
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: