[ https://issues.apache.org/jira/browse/SOLR-8262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joel Bernstein closed SOLR-8262.
--------------------------------
    Resolution: Fixed

> Comment out /stream handler from sample solrconfig.xml's for security reasons
> -----------------------------------------------------------------------------
>
>                 Key: SOLR-8262
>                 URL: https://issues.apache.org/jira/browse/SOLR-8262
>             Project: Solr
>          Issue Type: Bug
>            Reporter: Joel Bernstein
>
> Solr has apache commons-collections in its classpath.
> *This makes it vulnerable to this security issue
> https://issues.apache.org/jira/browse/COLLECTIONS-580.
> *The /stream handler uses Java serialization for RPC since Solr 5.1.
> These two combined leave a security hole in Solr that allows arbitrary code
> to be executed on the server.
> This ticket will comment out the /stream handler from the sample
> solrconfig.xml's and add a warning to explain the vulnerability.
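
A configuration check for the mitigation described in this ticket, added here as an example (it is not code from the Solr project): it reports whether a solrconfig.xml still has a live /stream request handler. The sample configs are constructed, and the function name and the extra match on the `StreamHandler` class under a different path are assumptions that go slightly beyond the ticket text.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from a real Solr distribution).
ENABLED = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <requestHandler name="/stream" class="solr.StreamHandler">
    <lst name="invariants"><str name="wt">json</str></lst>
  </requestHandler>
</config>"""

COMMENTED_OUT = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <!-- Disabled for security reasons, see SOLR-8262
  <requestHandler name="/stream" class="solr.StreamHandler">
    <lst name="invariants"><str name="wt">json</str></lst>
  </requestHandler>
  -->
</config>"""

RENAMED = """<config>
  <requestHandler name="/export2" class="org.apache.solr.handler.StreamHandler"/>
</config>"""


def active_stream_handlers(solrconfig_xml):
    """Return (name, class) for every live streaming request handler.

    ElementTree drops XML comments while parsing, so a handler that has been
    commented out never appears in the tree and is not reported.
    """
    root = ET.fromstring(solrconfig_xml)
    hits = []
    for handler in root.iter("requestHandler"):
        name = handler.get("name", "")
        cls = handler.get("class", "")
        # Match the /stream path, or the handler class under another path.
        if name == "/stream" or cls.split(".")[-1] == "StreamHandler":
            hits.append((name, cls))
    return hits


if __name__ == "__main__":
    samples = (("enabled", ENABLED), ("commented", COMMENTED_OUT), ("renamed", RENAMED))
    for label, xml in samples:
        print(label, active_stream_handlers(xml))
```

An empty result means no streaming handler is declared in that file; any tuple returned names a handler that should be commented out or removed.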