Not exactly but the one that Mark asked for help on has a mention of this. On Fri, Feb 13, 2015 at 1:06 AM, Uwe Schindler <[email protected]> wrote:
> Ah, > > > > is this related to the one where Mark Miller also asked me for help during > review – I wanted to take care today? > https://issues.apache.org/jira/browse/SOLR-6736 > > > > Uwe > > > > ----- > > Uwe Schindler > > H.-H.-Meier-Allee 63, D-28213 Bremen > > http://www.thetaphi.de > > eMail: [email protected] > > > > *From:* Anshum Gupta [mailto:[email protected]] > *Sent:* Friday, February 13, 2015 10:02 AM > > *To:* [email protected] > *Subject:* Re: [VOTE] 5.0.0 RC2 > > > > Hi Uwe, > > > > You could upload a jar to Solr via the blob handler and then register this > custom-handler via the configs API. > > Anyone having http access to any solr node could potentially run malicious > code on all nodes. > > > > > > On Fri, Feb 13, 2015 at 12:56 AM, Uwe Schindler <[email protected]> wrote: > > Hi, > > > > What are we talking about? I just heard security, but no issue number or > explanation what’s wrong! > > > > Uwe > > > > ----- > > Uwe Schindler > > H.-H.-Meier-Allee 63, D-28213 Bremen > > http://www.thetaphi.de > > eMail: [email protected] > > > > *From:* Shalin Shekhar Mangar [mailto:[email protected]] > *Sent:* Friday, February 13, 2015 9:49 AM > *To:* [email protected] > *Subject:* Re: [VOTE] 5.0.0 RC2 > > > > This is serious enough to re-spin. I have to change my vote to -1 to > release the current RC. > > On 13-Feb-2015 2:15 pm, "Noble Paul" <[email protected]> wrote: > > We should disable the dynamic loading by default . It's a security > vulnerability and users should have to explicitly enable it in a system > property. > > On Feb 13, 2015 6:47 AM, "Anshum Gupta" <[email protected]> wrote: > > Thank you everyone! This vote has passed and I'll start the process later > tonight. > > > > > > On Mon, Feb 9, 2015 at 3:16 PM, Anshum Gupta <[email protected]> > wrote: > > Please vote for the second release candidate for Lucene/Solr 5.0.0. > > > > The artifacts can be downloaded here: > > > http://people.apache.org/~anshum/staging_area/lucene-solr-5.0.0-RC2-rev1658469 > > > > Or you can run the smoke tester directly with this command: > > python3.2 dev-tools/scripts/smokeTestRelease.py > http://people.apache.org/~anshum/staging_area/lucene-solr-5.0.0-RC2-rev1658469 > > > > > > I could not get the above command to work as downloading some file or the > other timed out for me (over 6 attempts) so I instead downloaded the entire > RC as a tgz. I still have it here: > > > > > http://people.apache.org/~anshum/staging_area/lucene-solr-5.0.0-RC2-rev1658469.tgz > > > > Untar the above folder at a location of choice. Do not change the name of > the folder as the smokeTestRelease.py extracts information from that. > > > > and then instead of using http, used file://. Here's the command: > > > > python3.2 dev-tools/scripts/smokeTestRelease.py > file://<path_to_the_extracted_folder> > > > > and finally, here's my +1: > > > > > SUCCESS! [0:30:50.246761] > > > > > -- > > Anshum Gupta > > http://about.me/anshumgupta > > > > > > -- > > Anshum Gupta > > http://about.me/anshumgupta > > > > > > -- > > Anshum Gupta > > http://about.me/anshumgupta > -- Anshum Gupta http://about.me/anshumgupta
