Ishan Chattopadhyaya created SOLR-14049:
-------------------------------------------
Summary: Disable Config APIs by default
Key: SOLR-14049
URL: https://issues.apache.org/jira/browse/SOLR-14049
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Ishan Chattopadhyaya
Fix For: 8.4
Spin off from SOLR-13978. This is not my proposal (I support this only
conditionally), I'm just opening the JIRA.
Proposal is to do this by 8.4. Reason is that Config APIs have been used in the
past to invoke RCE vulnerabilities in some components of Solr.
The discussion has happened in SOLR-13978. I am willing to do the work once we
have agreement on this.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
