[jira] [Commented] (SOLR-13978) Remove bloat from default configset

Noble Paul (Jira) Tue, 10 Dec 2019 14:28:24 -0800


    [ 
https://issues.apache.org/jira/browse/SOLR-13978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16993011#comment-16993011
 ]


Noble Paul commented on SOLR-13978:
-----------------------------------

Vulnerability is not because of config API. We have insecure components in our 
system . We should not keep them in our classpath. 

> Remove bloat from default configset
> -----------------------------------
>
>                 Key: SOLR-13978
>                 URL: https://issues.apache.org/jira/browse/SOLR-13978
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Ishan Chattopadhyaya
>            Priority: Blocker
>             Fix For: 8.4
>
>
> We need to review and remove all components that are not essential for 
> search, indexing and other core functionality. Velocity, DIH, etc. should be 
> reviewed.
> (Marking this as a 8.4 release blocker).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

[jira] [Commented] (SOLR-13978) Remove bloat from default configset

Reply via email to