On Dec 16, 2006, at 3:44 AM, Chris Hostetter wrote:
: what they were). Solr had cross-site scripting issues in its JSP
: pages, which I think are now all fixed (?).
SOLR-74, just resolved.
I don't know if i'd really call them XSS issues: they are on the admin
pages; if a malicious user has access to them, you've got bigger
problems
then them trying XSS exploits.
I concur. But, at the very least by fixing this, users input won't
mangle the output page with unescaped HTML. For example, a query of
"</html>" would probably have screwed up the output.
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]