[
https://issues.apache.org/jira/browse/SOLR-15718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17435844#comment-17435844
]
Jan Høydahl commented on SOLR-15718:
------------------------------------
{quote}In general I'd vote we leave it until 9_x branch is cut, but since this
is a security-related issue, I'm +1 to remove it now.
{quote}
In other words you'd like it in main branch for the 10.0 release? That is
absolutely an alternative, if we explicitly want to make it possible for 8.0,
8.1, 8.2, 8.3 and 8.4 users to rolling upgrade directly to 9.0. In that case
we'll just leave this Jira and PR until branch_9x is cut. This is not a
security issue in general since the code is only invoked when this property is
set. Not a big deal to me to remove these few lines of code from 9.0. We can do
it in 10.0 if you like.
> Remove backcompat feature solr.useUnsafeOverseerResponse
> --------------------------------------------------------
>
> Key: SOLR-15718
> URL: https://issues.apache.org/jira/browse/SOLR-15718
> Project: Solr
> Issue Type: Sub-task
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> In SOLR-14095 (Solr 8.5) a system property {{solr.useUnsafeOverseerResponse}}
> was introduced to do rolling upgrades from 8.5 to 8.6 (which lets 8.6 fall
> back to Java-serialization).
> See [https://github.com/apache/solr/search?q=useUnsafeOverseerResponse]
> When upgrading to 9.0 I suppose we tell people to first upgrade to 8.11, so
> in 9.0 we don't need this. [~tflobbe] agree?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
