[
https://issues.apache.org/jira/browse/SOLR-14067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17275213#comment-17275213
]
ASF subversion and git services commented on SOLR-14067:
--------------------------------------------------------
Commit 6d71a0aced96c3521796a9e16b055f041141a146 in lucene-solr's branch
refs/heads/master from Eric Pugh
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=6d71a0a ]
SOLR-14067: v4 Create /contrib/scripting module with ScriptingUpdateProcessor
(#2257)
* Creating Scripting contrib module to centralize the less secure code related
to scripts.
* tweak the changelog and update notice to explain why the name changed and the
security posture thinking
* the test script happens to be a currency.xml, which made me think we were
doing something specific to currency types, but instead any xml formatted file
will suffice for the test.
* Update
solr/contrib/scripting/src/java/org/apache/solr/scripting/update/ScriptUpdateProcessorFactory.java
* Update
solr/contrib/scripting/src/java/org/apache/solr/scripting/update/package-info.java
* drop the ing, and be more specific on the name of the ref guide page
* comment out the script update chain.
The sample techproducts configSet is used by many of the solr unit tests, and
by default doesn't have access to the jar file in the contrib module. This is
commented out, similar to how the lang contrib is.
* using a Mock for the script processor in order to keep the trusted configSets
tests all together.
* tweak since we are using a mock script processor
Co-authored-by: David Smiley <dsmi...@apache.org>
> Move StatelessScriptUpdateProcessor to a contrib
> ------------------------------------------------
>
> Key: SOLR-14067
> URL: https://issues.apache.org/jira/browse/SOLR-14067
> Project: Solr
> Issue Type: Improvement
> Reporter: Ishan Chattopadhyaya
> Assignee: David Eric Pugh
> Priority: Major
> Fix For: master (9.0)
>
> Time Spent: 7.5h
> Remaining Estimate: 0h
>
> Move server-side scripting out of core and into a new contrib. This is
> better for security.
> Former description:
> ----
> We should eliminate all scripting capabilities within Solr. Let us start with
> the StatelessScriptUpdateProcessor deprecation/removal.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
