[ https://issues.apache.org/jira/browse/SOLR-13534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16861562#comment-16861562 ]

Noble Paul edited comment on SOLR-13534 at 6/11/19 10:37 PM:
-------------------------------------------------------------

The runtime lib is disabled by default.  [~gus_heck] I'm not sure adding a 
separate property is going to be such a huge difference. It just means everyone 
who has set that flag is vulnerable. Users should enable 
[jar signing|https://lucene.apache.org/solr/guide/6_6/adding-custom-plugins-in-solrcloud-mode.html] 
to be more secure. 


[~tomasflobbe] the security story is not very different from what we have had 
for the last 2 years of its existence. You could upload a jar using a command




was (Author: noble.paul):
The runtime lib is disabled by default.  [~gus_heck] I'm not sure adding a 
separate property is going to be such a huge difference. It just means everyone 
who has set that flag is vulnerable.
[~tomasflobbe] the security story is not very different from what we have had 
for the last 2 years of its existence. You could upload a jar using a command



> Dynamic loading of jars from a url
> ----------------------------------
>
>                 Key: SOLR-13534
>                 URL: https://issues.apache.org/jira/browse/SOLR-13534
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Noble Paul
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Dynamic loading is possible from {{.system}} collection. It's much easier to 
> host the jars on a remote service and load it from there. This way the user 
> should have no problem in loading jars when the {{.system}} collection is not 
> available for some reason.
> The steps should look as follows
>  # get the hash of your jar file.  {{openssl dgst -sha512 <jar>}}
>  # upload it to your hosting service. Say the location is 
> {{[http://host:port/my-jar/location|http://hostport/]}}
>  # create a runtime lib entry for the collection as follows
> {code:java}
> curl http://localhost:8983/solr/techproducts/config -H 'Content-type:application/json' -d '{
>    "add-runtimelib": { "name":"jarblobname",
>      "sha512":"e94bb3990b39aacdabaa3eef7ca6102d96fa46766048da50269f25fd41164440a4e024d7a7fb0d5ec328cd8322bb65f5ba7886e076a8f224f78cb310fd45896d",
>      "url":"http://host:port/my-jar/location" }
> }'
> {code}
> To update the jar, just repeat the steps and use the {{update-runtimelib}} to 
> update the sha512 hash
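
The steps in the description above, as an added example that is not part of the original issue and is not Solr's own code: it computes the pin from step 1, builds the JSON body for step 3, and checks a fetched jar against the pinned digest, which is the only integrity guarantee the remote URL gets. The function names are hypothetical, and the payload builder assumes the name and URL contain no characters that need JSON escaping.

```shell
#!/bin/sh
# Added example (not Solr code). Function names are hypothetical.

# Step 1: print the lowercase hex SHA-512 of a file.
# openssl prints "SHA512(file)= <hex>" or "SHA2-512(file)= <hex>",
# so the digest is always the last field.
jar_sha512() {
    if command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha512 "$1" | awk '{print $NF}'
    else
        sha512sum "$1" | awk '{print $1}'   # fallback when openssl is absent
    fi
}

# Return 0 only when the file's digest equals the pinned value.
# A missing file yields an empty digest, which fails the length check.
verify_jar() {   # args: jarfile pinned-hex
    actual=$(jar_sha512 "$1" 2>/dev/null) || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ ${#actual} -eq 128 ] && [ "$actual" = "$expected" ]
}

# Step 3: emit the JSON body for add-runtimelib or update-runtimelib.
# Assumes name and url need no JSON escaping.
runtimelib_payload() {   # args: command name jarfile url
    printf '{"%s": {"name":"%s", "sha512":"%s", "url":"%s"}}\n' \
        "$1" "$2" "$(jar_sha512 "$3")" "$4"
}

# Usage, with the placeholders from the description:
#   runtimelib_payload add-runtimelib jarblobname my.jar \
#       http://host:port/my-jar/location |
#     curl http://localhost:8983/solr/techproducts/config \
#       -H 'Content-type:application/json' -d @-
#
# Before switching to update-runtimelib, re-fetch the hosted jar and run
#   verify_jar fetched.jar "$(jar_sha512 my.jar)"
# so the new pin describes the bytes the hosting service actually serves.
```

The pin only proves the bytes match what was registered; anyone able to post to the config endpoint can register a different pin, which is why the comment above recommends jar signing.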



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
