[GitHub] [lucene-solr] janhoy commented on a change in pull request #1641: SOLR-14561: Adding upgrade notes for allowPaths

Thu, 02 Jul 2020 06:06:07 -0700 


janhoy commented on a change in pull request #1641:
URL: https://github.com/apache/lucene-solr/pull/1641#discussion_r448984282



##########
File path: solr/solr-ref-guide/src/solr-upgrade-notes.adoc
##########
@@ -85,11 +85,18 @@ For more information about how to use this, see the section 
<<exporting-result-s
 
 * The `stats`, `facet`, and `timeseries` expressions now support percentiles 
and standard deviation aggregations.
 
-*Deprecations* 
+*Restricting file paths*
+
+Several Solr APIs allow specifying a file system location. This includes core 
creation, backup, restore and others. Prior to Solr 8.6 these parameters were 
not validated, and Solr would allow any absolute or relative path. From 8.6 we 
by default allow only paths that are relative to `SOLR_HOME`, `SOLR_DATA_HOME` 
and `coreRootDir`. If you need to create a core or store a backup outside these 
pre-allowed paths, you now need to tell Solr about what paths to allow.
+
+Solr can be configured with a comma separated list of paths to allow in 
`solr.xml` using the new `allowPaths` element, see 
<<format-of-solr-xml.html#the-solr-element,Solr.xml Parameters>>. When using 
the `solr.xml` file shipping with 8.6, you can configure the list of paths to 
allow through the system property `solr.allowPaths`. Please see 
`bin/solr.in.sh` or `bin\solr.in.cmd` for example usage. Using the value `*` 
will allow any path as in erlier versions.
+
+Windows SMB shares on the UNC format, such as `\\myhost\myshare\mypath` are 
now always disallowed. Please use drive letter mounts instead, i.e. `S:\mypath`.
 
-* Cross Data Center Replication (CDCR), in its current form, is deprecated and 
is scheduled to be removed in 9.0. Please refer to SOLR-14022.

Review comment:
       See 
https://github.com/apache/lucene-solr/blob/master/solr/solr-ref-guide/src/solr-upgrade-notes.adoc
 and you'll understand (I'm removing the boldface *Deprecations* word from the 
end of the CDCR bullet




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to