[ https://issues.apache.org/jira/browse/SOLR-7106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14321557#comment-14321557 ]
Erik Hatcher commented on SOLR-7106: ------------------------------------ bq. Can you explain in what sense it's a security vulnerability? Bad guy could upload a JAR with a request handler that ships back /etc/passwd or does other malicious things. > Disable dynamic loading by default > ---------------------------------- > > Key: SOLR-7106 > URL: https://issues.apache.org/jira/browse/SOLR-7106 > Project: Solr > Issue Type: Task > Reporter: Noble Paul > Assignee: Noble Paul > Priority: Blocker > Fix For: 5.0 > > Attachments: SOLR-7106.patch, SOLR-7106.patch > > > Dynamic loading of jars is enabled by default SOLR-6801. It is a security > vulnerability and we should set it to be disabled by default -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org