[ https://issues.apache.org/jira/browse/SOLR-8307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hoss Man reopened SOLR-8307:
----------------------------

the commits made for this issue have broken trunk and 5x builds due to causing 
the javadocs to produce broken links.

some of the affected classes have fundamental problems that can/should be fixed 
in SOLR-8333, but independent of that this commit -- and the creation of 
solr/solrj/src/java/org/apache/solr/util/ which competes with 
solr/core/src/java/org/apache/solr/util/ -- are breaking the build.

erik: can you please revert this until a better solution is found? (i thought 
you mentioned earlier today that you would do this -- but that was ~8 hours ago 
and i've seen you make several other commits & jira comments since then w/o 
actually addressing the immediate problem, so i'm asking you now explicitly: 
please revert until this issue can be fixed in a way that does not break the 
build.)

> XXE Vulnerability
> -----------------
>
>                 Key: SOLR-8307
>                 URL: https://issues.apache.org/jira/browse/SOLR-8307
>             Project: Solr
>          Issue Type: Bug
>          Components: UI
>    Affects Versions: 5.3
>            Reporter: Adam Johnson
>            Assignee: Erik Hatcher
>            Priority: Blocker
>             Fix For: 5.4, Trunk
>
>         Attachments: SOLR-8307.patch, SOLR-8307.patch
>
>
> Use the drop-down in the left menu to select a core. Use the “Watch Changes” 
> feature under the “Plugins / Stats” option. When submitting the changes, XML 
> is passed in the “stream.body” parameter and is vulnerable to XXE.


