[ https://issues.apache.org/jira/browse/SOLR-15121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17275220#comment-17275220 ]
David Smiley commented on SOLR-15121: ------------------------------------- Additionally, the functionality should be guarded by the "trusted" configSet notion, just like the other scripting functionality is. > Move XSLT (tr param) to scripting contrib > ----------------------------------------- > > Key: SOLR-15121 > URL: https://issues.apache.org/jira/browse/SOLR-15121 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: David Smiley > Priority: Blocker > Fix For: master (9.0) > > > The XSLT functionality, present in both XML /update loading, and also in the > response writer, ought to move to the "scripting" contrib module because XSLT > is a type of scripting. XSLT is risky from a security standpoint, and so > should not be in solr-core. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org