[ 
https://issues.apache.org/jira/browse/SOLR-18163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18066800#comment-18066800
 ] 

Jason Gerlowski commented on SOLR-18163:
----------------------------------------

All of the v2 API stuff is currently "experimental", and I think that would 
technically extend to cover this system property.  So by that logic we should 
be able to remove it in (e.g.) 10.1 if we choose.

My one slight reservation with doing this is that folks might be leaning on 
"solr.disable.v2" for security-adjacent purposes.  That is - I can imagine 
there are users who have set up RuleBasedAuth permissions for only v1 paths and 
are using the sysprop to disable v2 paths that they don't want to think about 
securing in their permission list.  Removing the sysprop and making v2 "always 
on" might open a security gap for any users who (1) don't notice the change on 
upgrading and (2) don't have a "catch-all" permission in their list somewhere.

In talking about this qualm in a recent Community Meetup folks pointed out that 
this is a problem we can solve by documentation.  If 



> Figure out V2 API use in Solr 10.1 and later
> --------------------------------------------
>
>                 Key: SOLR-18163
>                 URL: https://issues.apache.org/jira/browse/SOLR-18163
>             Project: Solr
>          Issue Type: New Feature
>    Affects Versions: 10.1
>            Reporter: Eric Pugh
>            Priority: Blocker
>
> [https://github.com/apache/solr/pull/4154] is the first use of a V2 api as 
> part of Solr, in the Solr CLI.   However, we still have a setting that can be 
> set solr.disable.v2 that of course would then break the v2 api.  
> The decision was to merge 4154 to `main` only, and get a decision on this to 
> decide if we back port to branch_10x for Solr 10.1.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
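A check for the gap described in the comment above, added here as an example (not code from the Solr project or from this thread): it inspects a `security.json` for a catch-all rule. It assumes the "catch-all" is Solr's predefined `all` permission; the sample config, the permission names `v1-select` and `v1-collections`, and the function names are constructed for illustration.

```python
import copy
import json

# Constructed sample: a permission list written with only v1 handler paths in mind.
V1_ONLY = json.loads("""
{"authorization": {
  "class": "solr.RuleBasedAuthorizationPlugin",
  "permissions": [
    {"name": "security-edit", "role": "admin"},
    {"name": "v1-select", "path": "/select", "collection": "*", "role": "reader"},
    {"name": "v1-collections", "path": "/admin/collections",
     "collection": null, "role": "admin"}
  ],
  "user-role": {"solr": "admin"}
}}
""")


def with_catch_all(cfg, role="admin"):
    """Return a copy of cfg with an 'all' permission appended as the last rule."""
    fixed = copy.deepcopy(cfg)
    fixed["authorization"]["permissions"].append({"name": "all", "role": role})
    return fixed


def audit(cfg):
    """Return findings about the catch-all rule; an empty list means none."""
    perms = cfg.get("authorization", {}).get("permissions", [])
    positions = [i for i, p in enumerate(perms) if p.get("name") == "all"]
    if not positions:
        # Requests that match no listed permission are not restricted by it,
        # which is the exposure if v2 paths become always-on.
        return ["no-catch-all"]
    findings = []
    rule = perms[positions[0]]
    if rule.get("role") is None:
        # A null (or missing) role places no role requirement on the rule.
        findings.append("catch-all-open")
    if positions[0] != len(perms) - 1:
        # Solr's documentation recommends broad rules after specific ones.
        findings.append("catch-all-not-last")
    return findings


if __name__ == "__main__":
    print("v1-only list:  ", audit(V1_ONLY))
    print("with catch-all:", audit(with_catch_all(V1_ONLY)))
```
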
