[ https://issues.apache.org/jira/browse/AMBARI-22273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Olivér Szabó updated AMBARI-22273:
----------------------------------
    Description:
1.) Disable editing with the Config API by adding the "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
2.) Update all collections to reroute the xmlparser query parser away from the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch collections:
{noformat}
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
{noformat}

> Disable xmlparser and configEdit API in Infra Solr by default
> -------------------------------------------------------------
>
>                 Key: AMBARI-22273
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22273
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-infra, ambari-logsearch, ambari-server
>    Affects Versions: 2.6.0
>            Reporter: Olivér Szabó
>            Assignee: Olivér Szabó
>             Fix For: 2.6.0
>
>
> 1.) Disable editing with the Config API by adding the
> "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
> 2.) Update all collections to reroute the xmlparser query parser away from
> the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch
> collections:
> {noformat}
> <queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
> {noformat}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
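
A check for the two settings described in the issue, written as an added example (it is not code from the issue or from Ambari). It assumes you pass in the text of whichever script sets SOLR_OPTS and the solrconfig.xml text of each collection; the function names, the sample input and the collection labels are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAFE_CLASS = "solr.ExtendedDismaxQParserPlugin"  # class named in the issue
FLAG_RE = re.compile(r"-Ddisable\.configEdit=([^\s\"']+)")

def config_edit_disabled(env_text):
    """True if SOLR_OPTS ends up with -Ddisable.configEdit=true.

    Commented-out lines are skipped. If the property is set more than once,
    the last occurrence is assumed to be the effective one.
    """
    values = []
    for line in env_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#") or "SOLR_OPTS" not in stripped:
            continue
        values += FLAG_RE.findall(stripped)
    return bool(values) and values[-1] == "true"

def xmlparser_rerouted(solrconfig_xml):
    """True if every <queryParser name="xmlparser"> maps to SAFE_CLASS.

    A config with no such element fails the check: the override is absent.
    """
    root = ET.fromstring(solrconfig_xml)
    parsers = [qp for qp in root.iter("queryParser") if qp.get("name") == "xmlparser"]
    return bool(parsers) and all(qp.get("class") == SAFE_CLASS for qp in parsers)

def audit(env_text, configs):
    """Return one finding string per missing mitigation."""
    findings = []
    if not config_edit_disabled(env_text):
        findings.append("SOLR_OPTS: -Ddisable.configEdit=true not set")
    for name, xml_text in sorted(configs.items()):
        if not xmlparser_rerouted(xml_text):
            findings.append(f"{name}: xmlparser not rerouted to {SAFE_CLASS}")
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE_ENV = 'SOLR_OPTS="$SOLR_OPTS -Ddisable.configEdit=true"\n'
REROUTED = f'<config><queryParser name="xmlparser" class="{SAFE_CLASS}" /></config>'
UNPATCHED = '<config><requestHandler name="/select" class="solr.SearchHandler" /></config>'
SAMPLE_CONFIGS = {"ranger": REROUTED, "atlas": REROUTED, "logsearch": UNPATCHED}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV, SAMPLE_CONFIGS):
        print(finding)
```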