Re: Lucene code review

2006-12-16 Thread Chris Hostetter
: what they were). Solr had cross-site scripting issues in its JSP : pages, which I think are now all fixed (?). SOLR-74, just resolved. I don't know if i'd really call them XSS issues: they are on the admin pages; if a malicious user has access to them, you've got bigger problems then them

Re: Lucene code review

2006-12-16 Thread Erik Hatcher
On Dec 16, 2006, at 3:44 AM, Chris Hostetter wrote: : what they were). Solr had cross-site scripting issues in its JSP : pages, which I think are now all fixed (?). SOLR-74, just resolved. I don't know if i'd really call them XSS issues: they are on the admin pages; if a malicious user has

Fwd: Lucene code review

2006-12-15 Thread Erik Hatcher
: Re: Lucene code review Hi Erik, thanks for the intro. I'd be happy to set up an account for anyone involved with the projects who'd like to take a look. (Because we're checking for security problems, we don't share specific findings with the general public.) Erik is right, from Lucene

Re: Lucene code review

2006-12-15 Thread Brian Chess
[EMAIL PROTECTED], Gary McGraw [EMAIL PROTECTED] Subject: Re: Lucene code review On Dec 13, 2006, at 1:00 AM, Otis Gospodnetic wrote: Just spotted this on Slashdot: http:// opensource.fortifysoftware.com/welcome.html I wonder what the 3 defects they found and reviewed are... I don't see

Re: Lucene code review

2006-12-15 Thread Erik Hatcher
] Subject: Re: Lucene code review On Dec 13, 2006, at 1:00 AM, Otis Gospodnetic wrote: Just spotted this on Slashdot: http:// opensource.fortifysoftware.com/welcome.html I wonder what the 3 defects they found and reviewed are... I don't see a way to see them from their site. I had an early peek

Re: Lucene code review

2006-12-15 Thread Sami Siren
Erik Hatcher wrote: I have an account and I recommend at least a couple of the really active committers sign on as well. Yonik for sure! ;) Doug, of course (if he wants). Anyone else? I am interested check out Nutch. -- Sami Siren

Re: Lucene code review

2006-12-15 Thread Doug Cutting
Brian Chess wrote: I'd be happy to set up an account for anyone involved with the projects who'd like to take a look. (Because we're checking for security problems, we don't share specific findings with the general public.) Thanks for doing this, Brian. One possibility would be to generate

Re: Lucene code review

2006-12-14 Thread Erik Hatcher
On Dec 13, 2006, at 1:00 AM, Otis Gospodnetic wrote: Just spotted this on Slashdot: http:// opensource.fortifysoftware.com/welcome.html I wonder what the 3 defects they found and reviewed are... I don't see a way to see them from their site. I had an early peek at the Fortify analysis of

Lucene code review

2006-12-12 Thread Otis Gospodnetic
Just spotted this on Slashdot: http://opensource.fortifysoftware.com/welcome.html I wonder what the 3 defects they found and reviewed are... I don't see a way to see them from their site. Otis - To unsubscribe, e-mail:

Re: Lucene code review

2006-12-12 Thread Lukas Vlcek
Hi, Indeed, I am very impressed by the fact that both the Nutch and Lucene scored best of all considered project in the survey. Congratulations to the community! Lukas On 12/13/06, Otis Gospodnetic [EMAIL PROTECTED] wrote: Just spotted this on Slashdot: