[
https://issues.apache.org/jira/browse/SOLR-14067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16994249#comment-16994249
]
Robert Muir commented on SOLR-14067:
------------------------------------
This kind of functionality is extremely dangerous. It is remote execution by
very definition.
It should not be available in the core of solr, it should be opt-in by the user
(assuming security risks). We should explain these and prevent stupid mistakes.
ideally, it is not built into the core of solr either. this way, one day users
can assume the risk, permissions delgeated/sandboxed appropriately, restricted
as much as possible to contain issues.
> Remove StatelessScriptUpdateProcessor
> -------------------------------------
>
> Key: SOLR-14067
> URL: https://issues.apache.org/jira/browse/SOLR-14067
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ishan Chattopadhyaya
> Priority: Major
> Fix For: 8.4
>
>
> We should eliminate all scripting capabilities within Solr. Let us start with
> the StatelessScriptUpdateProcessor deprecation/removal.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
