[
https://issues.apache.org/jira/browse/SOLR-16296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Smiley resolved SOLR-16296.
---------------------------------
Resolution: Won't Fix
My latest thoughts are that QueryElevationComponent needn't use XmlConfigFile
at all. XmlConfigFile can be left for solr.xml, solrconfig.xml, and schema.xml
file only as these files are core to Solr and use property substitution (for
example) and possible x:include. Others don't need it.
> Load elevate.xml, currency.xml, ... in a more secure way
> --------------------------------------------------------
>
> Key: SOLR-16296
> URL: https://issues.apache.org/jira/browse/SOLR-16296
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Haythem Khiri
> Assignee: David Smiley
> Priority: Minor
>
> Solr should ensure that most XML files in a ConfigSet should be loaded in an
> untrusted way for security. XML files can have custom DTDs and Xinclude for
> ConfigSets provided externally.
> This is not about changing how solrconfig.xml and schema.xml is being loaded.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
