[ https://issues.apache.org/jira/browse/SOLR-8439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15070112#comment-15070112 ]
Shawn Heisey commented on SOLR-8439: ------------------------------------ bq. Is it possible to backport it to 5.3.1? 5.3.1 has been released and will not be changing. A 5.3.2 release is coming soon, though. A bunch of fixes, including SOLR-8617, *will* be backported to the 5.3 branch, and 5.3.2 will most likely be announced within the next 2-3 weeks. Upgrading to 5.4.0 is still recommended, as it includes more changes and fixes than 5.3.2 will. > Solr Security - Permission read does not work as expected > --------------------------------------------------------- > > Key: SOLR-8439 > URL: https://issues.apache.org/jira/browse/SOLR-8439 > Project: Solr > Issue Type: Bug > Components: security > Affects Versions: 5.3.1 > Environment: Linux, Solr Cloud > Reporter: Gaurav Kumar > Priority: Critical > Original Estimate: 3h > Remaining Estimate: 3h > > I enabled security on my solr cloud and added basic authentication and > authorization to allow only specific users to read and update the records. > What I observed that update works fine but read does not stop from anonymous > access. > On digging deeper I saw that RuleBasedAuthorizationPlugin.java has > incorrectly defined the read permissions as follows: > read :{" + > " path:['/update/*', '/get']}," + > It should be /select/* rather than /update/* -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org