[jira] [Commented] (SOLR-7106) Disable dynamic loading by default

Erik Hatcher (JIRA) Sat, 14 Feb 2015 09:02:36 -0800

    [ 
https://issues.apache.org/jira/browse/SOLR-7106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14321557#comment-14321557
 ]


Erik Hatcher commented on SOLR-7106:
------------------------------------

bq. Can you explain in what sense it's a security vulnerability? 

Bad guy could upload a JAR with a request handler that ships back /etc/passwd 
or does other malicious things.

> Disable dynamic loading by default
> ----------------------------------
>
>                 Key: SOLR-7106
>                 URL: https://issues.apache.org/jira/browse/SOLR-7106
>             Project: Solr
>          Issue Type: Task
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>            Priority: Blocker
>             Fix For: 5.0
>
>         Attachments: SOLR-7106.patch, SOLR-7106.patch
>
>
> Dynamic loading of jars is enabled by default SOLR-6801. It is a security 
> vulnerability and we should set it to be disabled by default



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Commented] (SOLR-7106) Disable dynamic loading by default

Reply via email to