Hello Solr, I'd like to call a vote on releasing the following artifacts as Apache Solr MCP 1.0.0. This is a second attempt after the first attempt (vote thread https://lists.apache.org/thread/o8f1r1vbqt2c7jh9lgyk0ksv4clg7hlc) failed due to two potential security issues that were reported.
These security issues have been evaluated as being under the "Response E: Reject — no authentication configured or behavior within expected role" as they are only impact a insecure Solr. Having said that, we have improved the security posture of solr-mcp by enabling security by default when run as a HTTP server. These are the improvements that resulted: * https://github.com/apache/solr-mcp/pull/126 * https://github.com/apache/solr-mcp/pull/119 This vote is being conducted using an Alpha version of the Apache Trusted Releases (ATR) platform. Please report any bugs or issues to the ASF Tooling team. The release candidate page, including downloads, can be found at: https://release-test.apache.org/vote/solr-mcp/1.0.0 The release artifacts are signed with one or more OpenPGP keys from: https://release-test.apache.org/downloads/solr/KEYS Please review the release candidate and vote accordingly. [ ] +1 Release this package [ ] +0 Abstain [ ] -1 Do not release this package (please provide specific comments) You can vote on ATR at the URL above, or manually by replying to this email. The vote is open for 120 hours. Thanks, Eric Pugh (epugh) This email was sent by [email protected] on the Apache Trusted Releases platform --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
