[
https://issues.apache.org/jira/browse/SOLR-13985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17010121#comment-17010121
]
Jason Gerlowski edited comment on SOLR-13985 at 1/7/20 10:04 PM:
-----------------------------------------------------------------
OK, awesome. I've opened a PR for this with the *nix half already in place.
That's ready to review if anyone is interested while I figure out the Windows
changes.
I put some detail on the PR about the testing I did on it; happy for
suggestions there too if there's a scenario anyone thinks of that I missed.
It's worth noting that none of our tests caught this issue because they all
start Jetty differently than a real-deal Solr does, so these settings don't
come into play in the same way. I'm not sure there's anything practical we can
do about this, but I wonder whether this difference between test-land and
reality has bitten us before? Just thinking aloud...
was (Author: gerlowskija):
OK, awesome. I've opened a PR for this with the *nix half already in place.
That's ready to review if anyone is interested while I figure out the Windows
changes.
> bind to localhost by default
> ----------------------------
>
> Key: SOLR-13985
> URL: https://issues.apache.org/jira/browse/SOLR-13985
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Assignee: Jason Gerlowski
> Priority: Major
> Fix For: master (9.0)
>
> Attachments: SOLR-13985.patch, SOLR-13985.patch, SOLR-13985.patch,
> SOLR-13985.patch
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently solr binds to all interfaces by default.
> The default should be safer, so that e.g. the user is not exposed to the
> internet until they make an explicit step to do so.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
