noblepaul commented on a change in pull request #2065:
URL: https://github.com/apache/lucene-solr/pull/2065#discussion_r519484574
##########
File path: solr/core/src/java/org/apache/solr/api/ContainerPluginsRegistry.java
##########
@@ -69,7 +72,8 @@
public class ContainerPluginsRegistry implements ClusterPropertiesListener,
MapWriter, Closeable {
private static final Logger log =
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
- private final ObjectMapper mapper =
SolrJacksonAnnotationInspector.createObjectMapper();
+ private static final ObjectMapper mapper =
SolrJacksonAnnotationInspector.createObjectMapper()
+ .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
Review comment:
This is not a security risk. In general it's better to ignore extra
attributes for backcompat. Imagine adding an extra attribute to your plugin in
a newer version and old Solr nodes failing because of that
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
