-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/
-----------------------------------------------------------

Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert Nettleton.


Bugs: AMBARI-22273
    https://issues.apache.org/jira/browse/AMBARI-22273


Repository: ambari


Description
-------

Due to a vulnerability found in Solr, CVE-2017-12629 
(https://nvd.nist.gov/vuln/detail/CVE-2017-12629):
1.) Disable editing with the Config API by adding the 
"-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
2.) Update all collections to reroute the xmlparser query parser away from the 
vulnerable class, by adding this to the Ranger, Atlas, and LogSearch 
collections:
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />

That won't affect upgrade, as with some manual changes these options can be set 
properly. This change is only for default deployments. (It also won't affect 3.0.)


Diffs
-----

  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml 7af91df 
  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml 59f778f 
  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml 8244a08 
  ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml cba4a4e 
  ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2 63879e7 
  ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2 b6a4d1d 
  ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 25dbb7a 


Diff: https://reviews.apache.org/r/63162/diff/1/


Testing
-------

Done, UTs pass. FT: installed Solr with these settings, also checked what happens 
if we add the new xml parser.


Thanks,

Oliver Szabo
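A small audit helper for the two mitigations described in the review request, added here as an example and not code from the Ambari patch. It assumes Solr binds the "xmlparser" name to solr.XmlQParserPlugin whenever no explicit <queryParser name="xmlparser"> overrides it; the sample solrconfig.xml snippets and SOLR_OPTS strings are constructed.

```python
"""Audit a Solr collection config and SOLR_OPTS for the CVE-2017-12629 mitigations."""
import shlex
import xml.etree.ElementTree as ET

# Class Solr uses for "xmlparser" when solrconfig.xml does not override it
# (assumption based on Solr's built-in query parser registrations).
DEFAULT_XMLPARSER_CLASS = "solr.XmlQParserPlugin"


def xmlparser_rerouted(solrconfig_xml: str) -> bool:
    """True if solrconfig.xml explicitly rebinds xmlparser to a different class."""
    root = ET.fromstring(solrconfig_xml)
    for qp in root.iter("queryParser"):
        if qp.get("name") == "xmlparser":
            cls = qp.get("class", "")
            # Compare on the simple class name so "solr.X" and "org.apache.solr.search.X" match.
            return bool(cls) and cls.split(".")[-1] != DEFAULT_XMLPARSER_CLASS.split(".")[-1]
    return False  # no override: Solr's built-in xmlparser stays reachable


def config_edit_disabled(solr_opts: str) -> bool:
    """True if SOLR_OPTS carries -Ddisable.configEdit=true (last occurrence wins, as for the JVM)."""
    value = None
    for tok in shlex.split(solr_opts):
        if tok.startswith("-Ddisable.configEdit="):
            value = tok.split("=", 1)[1].strip().lower()
    return value == "true"


# Constructed sample configs, modelled on the change described in the review request.
BEFORE = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""

AFTER = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
</config>"""

if __name__ == "__main__":
    print("xmlparser rerouted (before):", xmlparser_rerouted(BEFORE))
    print("xmlparser rerouted (after): ", xmlparser_rerouted(AFTER))
    print("config edit disabled:", config_edit_disabled("-Xmx1g -Ddisable.configEdit=true"))
```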
