ishan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/main by this push:
new bf9ca1044b2 SOLR-16777: Fix for Schema Designer blindly trusting
potentially malicious configsets
bf9ca1044b2 is described below
commit bf9ca1044b2eec234038c2c27ec7996d589bb8c8
Author: Ishan Chattopadhyaya <[email protected]>
AuthorDate: Sat Apr 29 19:52:49 2023 +0530
SOLR-16777: Fix for Schema Designer blindly trusting potentially malicious
configsets
---
solr/CHANGES.txt | 31 ++++++++++++++++++++++
.../designer/SchemaDesignerConfigSetHelper.java | 2 +-
2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 88e5f59f10f..2891ada69bb 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -195,6 +195,37 @@ Other Changes
* PR#1566: Removed deprecated members from Tuple class (janhoy)
+================== 9.2.1 ==================
+
+New Features
+---------------------
+(No changes)
+
+Improvements
+---------------------
+(No changes)
+
+Optimizations
+---------------------
+(No changes)
+
+Bug Fixes
+---------------------
+
+* SOLR-16777: Fix for Schema Designer blindly trusting potentially malicious
configsets (Ishan Chattopadhyaya, Skay)
+
+Deprecation Removals
+----------------------
+(No changes)
+
+Dependency Upgrades
+---------------------
+(No changes)
+
+Other Changes
+---------------------
+(No changes)
+
================== 9.2.0 ==================
New Features
diff --git
a/solr/core/src/java/org/apache/solr/handler/designer/SchemaDesignerConfigSetHelper.java
b/solr/core/src/java/org/apache/solr/handler/designer/SchemaDesignerConfigSetHelper.java
index 044b9cef96c..2ce27039c0d 100644
---
a/solr/core/src/java/org/apache/solr/handler/designer/SchemaDesignerConfigSetHelper.java
+++
b/solr/core/src/java/org/apache/solr/handler/designer/SchemaDesignerConfigSetHelper.java
@@ -692,7 +692,7 @@ class SchemaDesignerConfigSetHelper implements
SchemaDesignerConstants {
configSet,
resourceLoader.getClassLoader(),
cc.getZkController());
- return SolrConfig.readFromResourceLoader(zkLoader, SOLR_CONFIG_XML, true,
null);
+ return SolrConfig.readFromResourceLoader(zkLoader, SOLR_CONFIG_XML, false,
null);
}
ManagedIndexSchema loadLatestSchema(String configSet) {
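Review bot: The bare `false` in `SolrConfig.readFromResourceLoader(zkLoader, SOLR_CONFIG_XML, false, null)` is the entire fix, yet nothing at the call site says that this argument is the configset trust flag or why the Schema Designer must not pass `true`. A comment above the return, such as `// Configsets opened in the designer may be untrusted or malicious; always load solrconfig.xml as untrusted (SOLR-16777).`, would keep a later cleanup from flipping it back. The diffstat lists only CHANGES.txt and this file, so no regression test appears to accompany the change; a test asserting that this helper loads a configset's solrconfig.xml with trust disabled would pin the behaviour. The enclosing method starts above the hunk, so any earlier handling of `configSet` is not visible here.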