-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/#review188825
-----------------------------------------------------------


Ship it!




Ship It!

- Miklos Gergely


On Oct. 19, 2017, 7:36 p.m., Oliver Szabo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63162/
> -----------------------------------------------------------
> 
> (Updated Oct. 19, 2017, 7:36 p.m.)
> 
> 
> Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert 
> Nettleton.
> 
> 
> Bugs: AMBARI-22273
>     https://issues.apache.org/jira/browse/AMBARI-22273
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Due to a vulnerability found in Solr with CVE-2017-12629 
> (https://nvd.nist.gov/vuln/detail/CVE-2017-12629):
> 1.) Disable editing with the Config API by adding the 
> "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
> 2.) Update all collections to reroute the xmlparser query parser away from 
> the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch 
> collections:
> <queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
> 
> That won't affect upgrade, as with some manual changes these options can be set 
> properly. This change is only for default deployments (it also won't affect 3.0).
> 
> 
> Diffs
> -----
> 
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml 7af91df 
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml 59f778f 
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml 8244a08 
>   ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 5cc344e 
>   ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml cba4a4e 
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2 63879e7 
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2 b6a4d1d 
>   ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 25dbb7a 
> 
> 
> Diff: https://reviews.apache.org/r/63162/diff/2/
> 
> 
> Testing
> -------
> 
> Done, UTs pass. FT: install Solr with these settings, also check what 
> happens if we add the new xml parser.
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>
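
An added example (not part of the review request or the Ambari code base): a check that can be run over rendered config files to confirm both mitigations from the description are in place. It assumes the rendered solrconfig.xml is well-formed XML and that SOLR_OPTS is assigned on a single line; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Solr's stock class behind the implicit "xmlparser" name. This name is not
# given in the review request; it is background knowledge about Solr.
STOCK_XML_PARSER = "XmlQParserPlugin"
CONFIG_EDIT_FLAG = "-Ddisable.configEdit=true"


def xmlparser_rerouted(solrconfig_xml: str) -> bool:
    """True if solrconfig.xml overrides the "xmlparser" query parser with a
    class other than Solr's stock XML query parser."""
    root = ET.fromstring(solrconfig_xml)
    classes = [qp.get("class") for qp in root.iter("queryParser")
               if qp.get("name") == "xmlparser"]
    if not classes:
        return False  # no override: the implicit default parser stays active
    return all(c and not c.endswith(STOCK_XML_PARSER) for c in classes)


def config_edit_disabled(env_script: str) -> bool:
    """True if an uncommented SOLR_OPTS assignment carries the flag."""
    for line in env_script.splitlines():
        code = line.split("#", 1)[0]  # simplistic: drops trailing comments
        if re.search(r"\bSOLR_OPTS\s*=", code) and CONFIG_EDIT_FLAG in code:
            return True
    return False


# Constructed sample inputs (not taken from the Ambari repository).
PATCHED_CONFIG = """<config>
  <queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
</config>"""
DEFAULT_CONFIG = """<config>
  <requestHandler name="/select" class="solr.SearchHandler" />
</config>"""
STOCK_CONFIG = """<config>
  <queryParser name="xmlparser" class="solr.XmlQParserPlugin" />
</config>"""
PATCHED_ENV = 'SOLR_OPTS="$SOLR_OPTS -Ddisable.configEdit=true"'
COMMENTED_ENV = '# SOLR_OPTS="$SOLR_OPTS -Ddisable.configEdit=true"'

if __name__ == "__main__":
    for name, cfg in [("patched", PATCHED_CONFIG), ("default", DEFAULT_CONFIG),
                      ("stock", STOCK_CONFIG)]:
        print(name, "xmlparser rerouted:", xmlparser_rerouted(cfg))
    print("config edit disabled:", config_edit_disabled(PATCHED_ENV))
```
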
