Re: Review Request 63162: Disable xmlparser and configEdit API in Infra Solr by default

Thu, 19 Oct 2017 12:37:15 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/
-----------------------------------------------------------

(Updated Oct. 19, 2017, 7:36 p.m.)


Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert Nettleton.


Changes
-------

add missing SOLR_OPT value


Bugs: AMBARI-22273
    https://issues.apache.org/jira/browse/AMBARI-22273


Repository: ambari


Description
-------

Due to a vulnerability found in Solr with CVE-2017-12629 
(https://nvd.nist.gov/vuln/detail/CVE-2017-12629)
1.) Disable editing with the Config API by adding the 
"-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
2.) Update all collections to reroute the xmlparser query parser away from the 
vulnerable class, but adding this to the Ranger, Atlas, and LogSearch 
collections:
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />

That wont affect upgrade as with some manual changes these options can be set 
properly. This change only for default deployments. (also wont affect 3.0)


Diffs (updated)
-----

  
ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml
 7af91df 
  
ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml
 59f778f 
  
ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml
 8244a08 
  
ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2
 5cc344e 
  
ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml
 cba4a4e 
  
ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2
 63879e7 
  
ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2
 b6a4d1d 
  
ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2
 25dbb7a 


Diff: https://reviews.apache.org/r/63162/diff/2/

Changes: https://reviews.apache.org/r/63162/diff/1-2/


Testing
-------

done, UTs passes, FT: install Solr with these setting, also check what happens 
if we adding the new xml parser.


Thanks,

Oliver Szabo

Reply via email to