[ 
https://issues.apache.org/jira/browse/SOLR-12317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465116#comment-16465116
 ] 

Uwe Schindler commented on SOLR-12317:
--------------------------------------

We should maybe also rename this class, as it no longer returns an empty 
stream. :-)

> Improve EmptyEntityResolver to throw exceptions instead of silently returning 
> an empty input stream
> ---------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-12317
>                 URL: https://issues.apache.org/jira/browse/SOLR-12317
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public (Default Security Level. Issues are Public) 
>    Affects Versions: 7.3
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>            Priority: Major
>             Fix For: 7.4, master (8.0)
>
>
> In the past we always secured all XML parsers used by Solr that consumed XML 
> from the network to silently return an empty input stream for all external 
> entities. This was done to not break any client applications at that time.
> Now, 5 years later, we should really simply throw an Exception instead, so 
> the user is informed that you cannot pass external entities or XIncludes to 
> those endpoints.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
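
The two behaviours the issue contrasts, as an added Java example that is not Solr's code and not part of the original message: a resolver that silently returns an empty stream beside one that throws. The class name `ResolverDemo`, the resolver names `SILENT` and `STRICT`, and the sample document are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class ResolverDemo {
  // Old behaviour described in the issue: every external entity
  // resolves to an empty stream, so the client never learns it was dropped.
  static final EntityResolver SILENT = (publicId, systemId) ->
      new InputSource(new ByteArrayInputStream(new byte[0]));

  // Behaviour the issue asks for: reject the document and say why.
  static final EntityResolver STRICT = (publicId, systemId) -> {
    throw new SAXException("External entities are not allowed: publicId="
        + publicId + ", systemId=" + systemId);
  };

  // Parses the document with the given resolver and returns the root element's text.
  static String parse(String xml, EntityResolver resolver) throws Exception {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setXIncludeAware(false); // XIncludes are not processed at all
    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(resolver);
    return db.parse(new InputSource(new StringReader(xml)))
        .getDocumentElement().getTextContent();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input; the system identifier is a placeholder.
    String xml = "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"file:///placeholder/external.txt\">]>\n"
        + "<doc>value=[&ext;]</doc>";

    // The entity expands to nothing and parsing succeeds without any signal.
    System.out.println("silent: " + parse(xml, SILENT));
    try {
      parse(xml, STRICT);
    } catch (SAXException e) {
      // The request fails and the message names the offending entity.
      System.out.println("strict: rejected: " + e.getMessage());
    }
  }
}
```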