[
https://issues.apache.org/jira/browse/SOLR-13978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16993052#comment-16993052
]
Ishan Chattopadhyaya commented on SOLR-13978:
---------------------------------------------
I'm picking this up now and working on a patch/PR to remove bloat from default
configset.
On the topic of config APIs, I am in both camps. There are, say, 9 vulnerable
components, and 1 config API. It is easy to remove the 1 config API and sleep
peacefully that my other 9 aren't a problem anymore. But, this is also
equivalent to throwing the baby with the bath water. My preference would be to
throw out those 9 vulnerable components (which are, combined, not even quarter
as useful to users as the config API). Hence, I am okay to disable (by default)
config API now, i.e. 8.4. But, for that *I would need broad consensus that it
is only an interim measure* until all vulnerable components are removed from
Solr shortly after and config API is enabled back again (by default) after that.
> Remove bloat from default configset
> -----------------------------------
>
> Key: SOLR-13978
> URL: https://issues.apache.org/jira/browse/SOLR-13978
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ishan Chattopadhyaya
> Priority: Blocker
> Fix For: 8.4
>
>
> We need to review and remove all components that are not essential for
> search, indexing and other core functionality. Velocity, DIH, etc. should be
> reviewed.
> (Marking this as a 8.4 release blocker).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
