-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/#review188825
-----------------------------------------------------------

Ship it!


Ship It!

- Miklos Gergely


On Oct. 19, 2017, 7:36 p.m., Oliver Szabo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63162/
> -----------------------------------------------------------
> 
> (Updated Oct. 19, 2017, 7:36 p.m.)
> 
> 
> Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert Nettleton.
> 
> 
> Bugs: AMBARI-22273
>     https://issues.apache.org/jira/browse/AMBARI-22273
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Due to a vulnerability found in Solr with CVE-2017-12629 (https://nvd.nist.gov/vuln/detail/CVE-2017-12629)
> 1.) Disable editing with the Config API by adding the "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
> 2.) Update all collections to reroute the xmlparser query parser away from the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch collections:
> <queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin" />
> 
> That won't affect upgrade, as with some manual changes these options can be set properly. This change is only for default deployments. (also won't affect 3.0)
> 
> 
> Diffs
> -----
> 
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml 7af91df 
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml 59f778f 
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml 8244a08 
>   ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 5cc344e 
>   ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml cba4a4e 
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2 63879e7 
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2 b6a4d1d 
>   ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 25dbb7a 
> 
> 
> Diff: https://reviews.apache.org/r/63162/diff/2/
> 
> 
> Testing
> -------
> 
> done, UTs pass, FT: install Solr with these settings, also check what happens if we add the new xml parser.
> 
> 
> Thanks,
> 
> Oliver Szabo
> 
>
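
A check for the two mitigations listed in the description above, as an added example that is not part of the review request or of Ambari's code. It assumes rendered (non-template) `solrconfig.xml` content and a shell-style env script; the function names and sample inputs are hypothetical and constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAFE_CLASS = "solr.ExtendedDismaxQParserPlugin"  # class named in the review description
CONFIG_EDIT_FLAG = "-Ddisable.configEdit=true"   # flag named in the review description

# Constructed sample inputs (not taken from the Ambari repository).
SAMPLE_FIXED = f'<config><queryParser name="xmlparser" class="{SAFE_CLASS}" /></config>'
SAMPLE_UNFIXED = '<config><requestHandler name="/select" class="solr.SearchHandler" /></config>'
SAMPLE_ENV = 'SOLR_OPTS="$SOLR_OPTS -Ddisable.configEdit=true"\n'


def xmlparser_rerouted(solrconfig_xml: str) -> bool:
    """True if every <queryParser name="xmlparser"> entry maps to SAFE_CLASS."""
    try:
        root = ET.fromstring(solrconfig_xml)
    except ET.ParseError:
        return False  # an unparsable config is reported as not mitigated
    parsers = [qp for qp in root.iter("queryParser") if qp.get("name") == "xmlparser"]
    # No override entry means the default xmlparser mapping is unchanged.
    return bool(parsers) and all(qp.get("class") == SAFE_CLASS for qp in parsers)


def config_edit_disabled(env_script: str) -> bool:
    """True if the final effective SOLR_OPTS assignment carries CONFIG_EDIT_FLAG."""
    enabled = False
    for line in env_script.splitlines():
        code = line.split("#", 1)[0]  # ignore comments and commented-out lines
        if not re.search(r"\bSOLR_OPTS\s*=", code):
            continue
        if CONFIG_EDIT_FLAG in code:
            enabled = True
        elif "$SOLR_OPTS" not in code and "${SOLR_OPTS" not in code:
            enabled = False  # a later assignment replaced the earlier options
    return enabled


def audit(configs: dict, env_script: str) -> list:
    """Return one finding per missing mitigation; an empty list means both are set."""
    findings = [f"{name}: xmlparser not rerouted to {SAFE_CLASS}"
                for name, xml in configs.items() if not xmlparser_rerouted(xml)]
    if not config_edit_disabled(env_script):
        findings.append(f"SOLR_OPTS lacks {CONFIG_EDIT_FLAG}")
    return findings


if __name__ == "__main__":
    print(audit({"fixed": SAMPLE_FIXED, "unfixed": SAMPLE_UNFIXED}, SAMPLE_ENV))
```

Because the change only covers default deployments, a check like this is most useful on upgraded clusters, where the description says the options have to be set manually.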