[
https://issues.apache.org/jira/browse/AMBARI-22273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Olivér Szabó updated AMBARI-22273:
----------------------------------
Description:
1.) Disable editing with the Config API by adding the
"-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
2.) Update all collections to reroute the xmlparser query parser away from the
vulnerable class, by adding this to the Ranger, Atlas, and LogSearch
collections:
{noformat}
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
{noformat}
> Disable xmlparser and configEdit API in Infra Solr by default
> -------------------------------------------------------------
>
> Key: AMBARI-22273
> URL: https://issues.apache.org/jira/browse/AMBARI-22273
> Project: Ambari
> Issue Type: Bug
> Components: ambari-infra, ambari-logsearch, ambari-server
> Affects Versions: 2.6.0
> Reporter: Olivér Szabó
> Assignee: Olivér Szabó
> Fix For: 2.6.0
>
>
> 1.) Disable editing with the Config API by adding the
> "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
> 2.) Update all collections to reroute the xmlparser query parser away from
> the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch
> collections:
> {noformat}
> <queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
> {noformat}
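
A check for the two settings described in the issue, added here as an example and not part of the Ambari patch or the original message. It assumes SOLR_OPTS is set in a shell-style environment file and that each collection's solrconfig.xml text is available; the sample file contents and collection keys are constructed.

```python
import re
import xml.etree.ElementTree as ET

FLAG = "-Ddisable.configEdit=true"               # flag named in the issue
SAFE_CLASS = "solr.ExtendedDismaxQParserPlugin"  # class named in the issue

def config_edit_disabled(solr_env_text):
    """True if the effective SOLR_OPTS carries the flag.
    Assumption: when the property is set more than once, the last value wins."""
    state = False
    for line in solr_env_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue  # a commented-out assignment does not count
        m = re.match(r"(?:export\s+)?SOLR_OPTS=(.*)", line)
        if not m:
            continue
        for token in m.group(1).strip("\"'").split():
            if token.startswith("-Ddisable.configEdit="):
                state = (token == FLAG)
    return state

def xmlparser_rerouted(solrconfig_xml):
    """True if an xmlparser queryParser exists and every one uses SAFE_CLASS."""
    root = ET.fromstring(solrconfig_xml)
    parsers = [qp for qp in root.iter("queryParser") if qp.get("name") == "xmlparser"]
    return bool(parsers) and all(qp.get("class") == SAFE_CLASS for qp in parsers)

def audit(solr_env_text, collections):
    """collections maps a collection name to its solrconfig.xml text."""
    findings = []
    if not config_edit_disabled(solr_env_text):
        findings.append("SOLR_OPTS: " + FLAG + " not set")
    for name, xml_text in sorted(collections.items()):
        if not xmlparser_rerouted(xml_text):
            findings.append(name + ": xmlparser not rerouted to " + SAFE_CLASS)
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE_ENV = 'SOLR_HEAP="1024m"\nSOLR_OPTS="$SOLR_OPTS -Ddisable.configEdit=true"\n'
HARDENED = ('<config><queryParser name="xmlparser" '
            'class="solr.ExtendedDismaxQParserPlugin" /></config>')
UNPATCHED = '<config><requestHandler name="/select" class="solr.SearchHandler" /></config>'

if __name__ == "__main__":
    sample = {"ranger": UNPATCHED, "atlas": HARDENED, "logsearch": HARDENED}
    for finding in audit(SAMPLE_ENV, sample) or ["no findings"]:
        print(finding)
```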