Uwe Schindler created SOLR-12317:
------------------------------------

             Summary: Improve EmptyEntityResolver to throw exceptions instead of silently returning an empty input stream
                 Key: SOLR-12317
                 URL: https://issues.apache.org/jira/browse/SOLR-12317
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Uwe Schindler
            Assignee: Uwe Schindler


In the past we always secured all XML parsers used by Solr that consumed XML 
from the network to silently return an empty input stream for all external 
entities. This was done to not break any client applications at that time.

Now, 5 years later, we should really simply throw an Exception instead, so the 
user is informed that you cannot pass external entities or xincludes to those 
endpoints.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
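
The two behaviours discussed in the issue, side by side, as an added example that is not part of the original message and is not Solr's own code. The class name, the resolver names, the sample document and the placeholder entity path are all constructed for illustration; the parser is the stock JDK `DocumentBuilder`.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Hypothetical demo class, not Solr's EmptyEntityResolver.
public class EntityResolverDemo {

  // Constructed sample input: an update-style document that declares and
  // references an external entity (the path is a placeholder).
  static final String XML =
      "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE add [<!ENTITY ext SYSTEM \"file:///placeholder/external.txt\">]>\n"
      + "<add><doc><field name=\"id\">&ext;</field></doc></add>";

  // Behaviour described as the past approach: every external entity
  // resolves to an empty stream, so the reference silently expands to nothing.
  static final EntityResolver SILENT = (publicId, systemId) ->
      new InputSource(new ByteArrayInputStream(new byte[0]));

  // Behaviour proposed in the issue: refuse the entity so the client is told.
  static final EntityResolver STRICT = (publicId, systemId) -> {
    throw new SAXException("External entities are not allowed here: publicId="
        + publicId + ", systemId=" + systemId);
  };

  // Parses the sample with the given resolver and returns the document text.
  static String parse(EntityResolver resolver) throws Exception {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(resolver); // the resolver is consulted instead of fetching the URL
    Document doc = db.parse(new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)));
    return doc.getDocumentElement().getTextContent();
  }

  public static void main(String[] args) throws Exception {
    System.out.println("silent resolver: field text = '" + parse(SILENT) + "'");
    try {
      parse(STRICT);
      System.out.println("strict resolver: document accepted");
    } catch (SAXException e) {
      System.out.println("strict resolver: rejected, " + e.getMessage());
    }
  }
}
```

With the silent resolver the client gets no indication that its entity was dropped; with the strict one the parse fails with a message naming the offending system identifier.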
