[
https://issues.apache.org/jira/browse/SOLR-7871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17718689#comment-17718689
]
Gus Heck commented on SOLR-7871:
--------------------------------
As nice as it is for humans to read and write YAML, the possibility of it being
bound to code should be appreciated. See
[https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479]
for how this became a CVE saga for snakeyaml. For this use case I'm sure we
can use it safely if we pay attention, but just want to be sure we think about
that.
> Platform independent config file instead of solr.in.sh and solr.in.cmd
> ----------------------------------------------------------------------
>
> Key: SOLR-7871
> URL: https://issues.apache.org/jira/browse/SOLR-7871
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools
> Affects Versions: 5.2.1
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Labels: bin/solr
> Attachments: SOLR-7871.patch, SOLR-7871.patch, SOLR-7871.patch,
> SOLR-7871.patch, SOLR-7871.patch, SOLR-7871.patch, SOLR-7871.patch,
> SOLR-7871.patch, SOLR-7871.patch, SOLR-7871.patch, SOLR-7871.patch,
> SOLR-7871.patch, SOLR-7871.patch, SOLR-7871.patch, SOLR-7871.patch
>
>
> Spinoff from SOLR-7043
> The config files {{solr.in.sh}} and {{solr.in.cmd}} are currently executable
> batch files, but all they do is to set environment variables for the start
> scripts on the format {{key=value}}
> Suggest to instead have one central platform independent config file e.g.
> {{bin/solr.yml}} or {{bin/solrstart.properties}} which is parsed by
> {{SolrCLI.java}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
