I failed to convince the PMC about the severity of the exploits that I was
hoping to address in the blocker issues. I don't have time nor patience to
pursue those blockers any more. I withdraw my vote (-1) on this release.
On Mon, 1 May 2023 at 02:42, Jan Høydahl wrote:
> > Without polluting
Pretty sleepy thread so far; apparently nobody else is interested in
talking about Solr security -- LOL ;-)
~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley
On Wed, Apr 26, 2023 at 8:25 AM Gus Heck wrote:
> Thanks David. It would be great to have you
> Without polluting this thread, I'll just say that this assertion is wrong.
> If you can demonstrate how someone with full API access, but no write
> access to disk or ZK, can execute any user code, I'll stand corrected.
Hi Noble/Ishan. I regret using the phrasing "arbitrary plugin code upload"
