[ 
https://issues.apache.org/jira/browse/SOLR-16296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Smiley updated SOLR-16296:
--------------------------------
    Description: SafeXMLParsing should be the one spot that produces an XML 
Document "safely" from a file/stream.  XmlConfigFile ought to use it.   
QueryElevationComponent could avoid XmlConfigFile (not essential) and use 
SafeXMLParsing directly.  (was: Solr should ensure that most XML files in a 
ConfigSet should be loaded in an untrusted way for security. XML files can have 
custom DTDs and XInclude for ConfigSets provided externally.

This is not about changing how solrconfig.xml and schema.xml are being loaded.)

> Use SafeXMLParsing in XmlConfigFile and QueryElevationComponent
> ---------------------------------------------------------------
>
>                 Key: SOLR-16296
>                 URL: https://issues.apache.org/jira/browse/SOLR-16296
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Haythem Khiri
>            Assignee: David Smiley
>            Priority: Minor
>          Time Spent: 6h 40m
>  Remaining Estimate: 0h
>
> SafeXMLParsing should be the one spot that produces an XML Document "safely" 
> from a file/stream.  XmlConfigFile ought to use it.   QueryElevationComponent 
> could avoid XmlConfigFile (not essential) and use SafeXMLParsing directly.


