Re: Lucene code review

2006-12-16 Thread Erik Hatcher
On Dec 16, 2006, at 3:44 AM, Chris Hostetter wrote: : what they were). Solr had cross-site scripting issues in its JSP : pages, which I think are now all fixed (?). SOLR-74, just resolved. I don't know if i'd really call them XSS issues: they are on the admin pages; if a malicious user has ac

Re: Lucene code review

2006-12-16 Thread Chris Hostetter
: what they were). Solr had cross-site scripting issues in its JSP : pages, which I think are now all fixed (?). SOLR-74, just resolved. I don't know if i'd really call them XSS issues: they are on the admin pages; if a malicious user has access to them, you've got bigger problems then them try

Re: Lucene code review

2006-12-15 Thread Doug Cutting
Brian Chess wrote: I'd be happy to set up an account for anyone involved with the projects who'd like to take a look. (Because we're checking for security problems, we don't share specific findings with the general public.) Thanks for doing this, Brian. One possibility would be to generate Ji

Re: Lucene code review

2006-12-15 Thread Sami Siren
Erik Hatcher wrote: > I have an account and I recommend at least a couple of the really active > committers sign on as well. Yonik for sure! ;) Doug, of course (if he > wants). Anyone else? I am interested check out Nutch. -- Sami Siren --

Re: Lucene code review

2006-12-15 Thread Erik Hatcher
cross-site scripting bugs in Solr. There are a few more bugs that I think are worth looking at, but nothing to get worked up about. Brian From: Erik Hatcher <[EMAIL PROTECTED]> Date: Thu, 14 Dec 2006 23:43:33 -0500 To: Cc: Brian Chess <[EMAIL PROTECTED]>, Gary McGraw <[EMAIL PR

Re: Lucene code review

2006-12-15 Thread Brian Chess
> Cc: Brian Chess <[EMAIL PROTECTED]>, Gary McGraw <[EMAIL PROTECTED]> > Subject: Re: Lucene code review > > > On Dec 13, 2006, at 1:00 AM, Otis Gospodnetic wrote: >> Just spotted this on Slashdot: http:// >> opensource.fortifysoftware.com/welcome.html >> I

Fwd: Lucene code review

2006-12-15 Thread Erik Hatcher
ROTECTED]> Subject: Re: Lucene code review Hi Erik, thanks for the intro. I'd be happy to set up an account for anyone involved with the projects who'd like to take a look. (Because we're checking for security problems, we don't share specific findings with the gen

Re: Lucene code review

2006-12-14 Thread Erik Hatcher
On Dec 13, 2006, at 1:00 AM, Otis Gospodnetic wrote: Just spotted this on Slashdot: http:// opensource.fortifysoftware.com/welcome.html I wonder what the 3 defects they found and reviewed are... I don't see a way to see them from their site. I had an early peek at the Fortify analysis of se

Re: Lucene code review

2006-12-12 Thread Lukas Vlcek
Hi, Indeed, I am very impressed by the fact that both the Nutch and Lucene scored best of all considered project in the survey. Congratulations to the community! Lukas On 12/13/06, Otis Gospodnetic <[EMAIL PROTECTED]> wrote: Just spotted this on Slashdot: http://opensource.fortifysoftware.co

Lucene code review

2006-12-12 Thread Otis Gospodnetic
Just spotted this on Slashdot: http://opensource.fortifysoftware.com/welcome.html I wonder what the 3 defects they found and reviewed are... I don't see a way to see them from their site. Otis - To unsubscribe, e-mail: [EMAI