[
https://issues.apache.org/jira/browse/SOLR-5617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Uwe Schindler updated SOLR-5617:
--------------------------------
Fix Version/s: (was: 4.7)
Issue Type: Task (was: Bug)
> Default SolrResourceLoader restrictions may be too tight
> --------------------------------------------------------
>
> Key: SOLR-5617
> URL: https://issues.apache.org/jira/browse/SOLR-5617
> Project: Solr
> Issue Type: Task
> Affects Versions: 4.6
> Reporter: Shawn Heisey
> Priority: Minor
> Labels: security
> Fix For: 5.0
>
>
> SOLR-4882 introduced restrictions for the Solr class loader that cause
> resources outside the instanceDir to fail to load. This is a very good goal,
> but what if you have common resources like included config files that are
> outside instanceDir but are still fully inside the solr home?
> I can understand not wanting to load resources from an arbitrary path, but
> the solr home and its children should be about as trustworthy as instanceDir.
> Ideally I'd like to have anything that's in $\{solr.solr.home\} trusted
> automatically. If I need to define a system property to make this happen,
> I'm OK with that -- as long as I don't have to turn off the safety checking
> entirely.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
