: In revision 743163 of the Solr 4.10 example solrconfig.xml file
: enableRemoteStreaming was (accidentally?) changed from "false" to true.
yeah ... that was 5 years ago.
I dont remember specifically if it was an accident at the time, but the
inclusion in release versions since has been intentional given the
"example" nature of the file -- which is why SOLR-2397 added a very
specific warning about it (starting with Solr 3.1) ...
*** WARNING ***
The settings below authorize Solr to fetch remote files, You
should make sure your system has some authentication before
using enableRemoteStreaming="true"
(i don't have any links to mailing list discussions handy, but i do recall
it was discussed repeatedly.)
: Should I open a JIRA?
Given SOLR-3619, i think it would probably be a good idea to change this
to false in the new configset/data_driven_schema_configs &
cofigset/basic_configs that we ship -- so yes, please open a jira for
discussion ... but i don't really think it's a "security hole" or
something that needs attention in a 4.10.x release.
-Hoss
http://www.lucidworks.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
