GitHub user Sanne opened a pull request:
https://github.com/apache/lucene-solr/pull/263
Backporting of SOLR-11477 on branch_5_5
This is an adaptation of last week's security fix SOLR-11477 by (Michael
Stepankin, Olga Barinova, Uwe Schindler, Christine Poerschke) (aka
@cpoerschke @uschindler ) to the 5_5 branch.
The main difference from the original patch is the inability to use
lambdas, and not having some of the new generation testing helpers.
In the CHANGES file I wasn't sure how to name this; I've opted to call it
"version 5.5.6". Maybe I should simply omit the version?
HTH
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/Sanne/lucene-solr SOLR-11477-on-5_5
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/lucene-solr/pull/263.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #263
----
commit 590dca88dedc44242d155d476b1e4dca99a25f12
Author: Christine Poerschke <[email protected]>
Date: 2017-10-13T11:46:58Z
SOLR-11477: Disallow resolving of external entities in Lucene
queryparser/xml/CoreParser and SolrCoreParser (defType=xmlparser or {!xmlparser
...}) by default.
(Michael Stepankin, Olga Barinova, Uwe Schindler, Christine Poerschke)
----