[
https://issues.apache.org/jira/browse/SOLR-7106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14321559#comment-14321559
]
Yonik Seeley commented on SOLR-7106:
------------------------------------
bq. Bad guy could upload a JAR with a request handler that ships back
/etc/passwd or does other malicious things.
Ah, right - stuff beyond the content of the index, which is more obvious.
> Disable dynamic loading by default
> ----------------------------------
>
> Key: SOLR-7106
> URL: https://issues.apache.org/jira/browse/SOLR-7106
> Project: Solr
> Issue Type: Task
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Blocker
> Fix For: 5.0
>
> Attachments: SOLR-7106.patch, SOLR-7106.patch
>
>
> Dynamic loading of jars is enabled by default SOLR-6801. It is a security
> vulnerability and we should set it to be disabled by default
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
