It's best to report vulnerabilities to the private [email protected].
See https://www.apache.org/security/

On Thu, Apr 17, 2014 at 12:07 AM, Per Steffensen <[email protected]> wrote:

> Hi
>
> I am not a member of the Solr core - committers etc. I have just provided
> some patches around security for Solr. None of the security work I have
> done introduces or removes XSS vulnerabilities. If you have found an issue
> I suggest you start by writing about it at one of the mailing lists
> [email protected] or [email protected]. Later (or maybe
> already now, if you are sure this is a real issue) you should create a JIRA
> issue at https://issues.apache.org/jira/browse/SOLR. You need to be on
> the mailing lists in order to be able to send a mail to them, but just go
> ahead and subscribe. You need to create a user-account in JIRA in order to
> be able to create an issue, but just go ahead and do that.
>
> Regards, Per Steffensen
>
> On 15/04/14 20:05, Mayers, Josh wrote:
>
> > Per –
> >
> > I’ve found an XSS vulnerability in Solr, and am looking for the right
> > person to discuss it with and get it resolved. I found your name and email
> > address on the Solr Security web page
> > (https://wiki.apache.org/solr/SolrSecurity) .. can you point me in the
> > right direction?
> >
> > Thanks
> >
> > Josh
> >
> > *Josh Mayers*
> > *Senior Information Assurance Engineer*
> > *The MITRE Corporation*
> > *202 Burlington Road MS M300, Bedford MA 01730-1420*

--
Regards,
Shalin Shekhar Mangar.
