This is an automated email from the ASF dual-hosted git repository.
janhoy pushed a commit to branch security-advisory-jwt-blockunknown
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to
refs/heads/security-advisory-jwt-blockunknown by this push:
new d1640df2d Remove bullet about "untrusted clients" having access
d1640df2d is described below
commit d1640df2d95a27d935d4d6c37978a6b787d50d48
Author: Jan Høydahl <[email protected]>
AuthorDate: Wed May 20 00:29:05 2026 +0200
Remove bullet about "untrusted clients" having access
---
content/solr/security/2026-05-19-jwt-blockunknown-default.md | 2 --
1 file changed, 2 deletions(-)
diff --git a/content/solr/security/2026-05-19-jwt-blockunknown-default.md
b/content/solr/security/2026-05-19-jwt-blockunknown-default.md
index 2912d640d..3a263240a 100644
--- a/content/solr/security/2026-05-19-jwt-blockunknown-default.md
+++ b/content/solr/security/2026-05-19-jwt-blockunknown-default.md
@@ -25,13 +25,11 @@ You may be affected if **all** of the following are true:
1. You use the JWT Authentication Plugin (`solr.JWTAuthPlugin`) in
`security.json`
2. Your intention is to block all unauthenticated requests
3. Your `security.json` does **not** explicitly set `"blockUnknown": true`
-4. Solr is reachable from clients that should not have unauthenticated access
You are **not** affected if any of the following applies:
- `blockUnknown` is explicitly set to `true` in `security.json`
- An AuthorizationPlugin (e.g. `RuleBasedAuthorizationPlugin`) independently
denies access to unauthenticated users
-- Solr is not reachable from untrusted clients (e.g. firewall-protected)
**Mitigation**
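Review bot: The commit message speaks of one bullet, but the hunk removes two lines with different roles: item 4 of the "affected if all" list and the last "not affected" bullet (`Solr is not reachable from untrusted clients (e.g. firewall-protected)`). Neither removal comes with a reason. Dropping the second one means firewall-protected deployments are no longer listed as unaffected, which changes how operators will triage the advisory, so the commit message should say that this is intended and why. Also check that the Mitigation section that follows does not still present network isolation as making a deployment unaffected. If isolation is worth mentioning at all, it fits better there as an additional safeguard than as an exemption.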