Re: Review Request 63162: Disable xmlparser and configEdit API in Infra Solr by default
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/#review188825
---

Ship it!

Ship It!

- Miklos Gergely

On Oct. 19, 2017, 7:36 p.m., Oliver Szabo wrote:
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63162/
> ---
>
> (Updated Oct. 19, 2017, 7:36 p.m.)
>
> Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert Nettleton.
>
> Bugs: AMBARI-22273
>     https://issues.apache.org/jira/browse/AMBARI-22273
>
> Repository: ambari
>
> Description
> ---
>
> Due to a vulnerability found in Solr with CVE-2017-12629 (https://nvd.nist.gov/vuln/detail/CVE-2017-12629):
> 1.) Disable editing with the Config API by adding the "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
> 2.) Update all collections to reroute the xmlparser query parser away from the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch collections:
>
> That won't affect upgrade as with some manual changes these options can be set properly. This change is only for default deployments. (also won't affect 3.0)
>
> Diffs
> -----
>
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml 7af91df
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml 59f778f
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml 8244a08
>   ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 5cc344e
>   ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml cba4a4e
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2 63879e7
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2 b6a4d1d
>   ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 25dbb7a
>
> Diff: https://reviews.apache.org/r/63162/diff/2/
>
> Testing
> ---
>
> done, UTs pass, FT: install Solr with these settings, also check what happens if we add the new xml parser.
>
> Thanks,
>
> Oliver Szabo

Re: Review Request 63162: Disable xmlparser and configEdit API in Infra Solr by default
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/#review188737
---

Ship it!

Ship It!

- Robert Nettleton

On Oct. 19, 2017, 7:36 p.m., Oliver Szabo wrote:
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63162/
> ---
>
> (Updated Oct. 19, 2017, 7:36 p.m.)
>
> Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert Nettleton.
>
> Bugs: AMBARI-22273
>     https://issues.apache.org/jira/browse/AMBARI-22273
>
> Repository: ambari
>
> Description
> ---
>
> Due to a vulnerability found in Solr with CVE-2017-12629 (https://nvd.nist.gov/vuln/detail/CVE-2017-12629):
> 1.) Disable editing with the Config API by adding the "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
> 2.) Update all collections to reroute the xmlparser query parser away from the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch collections:
>
> That won't affect upgrade as with some manual changes these options can be set properly. This change is only for default deployments. (also won't affect 3.0)
>
> Diffs
> -----
>
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml 7af91df
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml 59f778f
>   ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml 8244a08
>   ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 5cc344e
>   ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml cba4a4e
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2 63879e7
>   ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2 b6a4d1d
>   ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 25dbb7a
>
> Diff: https://reviews.apache.org/r/63162/diff/2/
>
> Testing
> ---
>
> done, UTs pass, FT: install Solr with these settings, also check what happens if we add the new xml parser.
>
> Thanks,
>
> Oliver Szabo

Re: Review Request 63162: Disable xmlparser and configEdit API in Infra Solr by default
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/
---

(Updated Oct. 19, 2017, 7:36 p.m.)

Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert Nettleton.

Changes
---

add missing SOLR_OPT value

Bugs: AMBARI-22273
    https://issues.apache.org/jira/browse/AMBARI-22273

Repository: ambari

Description
---

Due to a vulnerability found in Solr with CVE-2017-12629 (https://nvd.nist.gov/vuln/detail/CVE-2017-12629):
1.) Disable editing with the Config API by adding the "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
2.) Update all collections to reroute the xmlparser query parser away from the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch collections:

That won't affect upgrade as with some manual changes these options can be set properly. This change is only for default deployments. (also won't affect 3.0)

Diffs (updated)
-----

  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml 7af91df
  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml 59f778f
  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml 8244a08
  ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 5cc344e
  ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml cba4a4e
  ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2 63879e7
  ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2 b6a4d1d
  ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 25dbb7a

Diff: https://reviews.apache.org/r/63162/diff/2/

Changes: https://reviews.apache.org/r/63162/diff/1-2/

Testing
---

done, UTs pass, FT: install Solr with these settings, also check what happens if we add the new xml parser.

Thanks,

Oliver Szabo

Review Request 63162: Disable xmlparser and configEdit API in Infra Solr by default
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63162/
---

Review request for Ambari, Krisztian Kasa, Miklos Gergely, and Robert Nettleton.

Bugs: AMBARI-22273
    https://issues.apache.org/jira/browse/AMBARI-22273

Repository: ambari

Description
---

Due to a vulnerability found in Solr with CVE-2017-12629 (https://nvd.nist.gov/vuln/detail/CVE-2017-12629):
1.) Disable editing with the Config API by adding the "-Ddisable.configEdit=true" flag to the SOLR_OPTS by default.
2.) Update all collections to reroute the xmlparser query parser away from the vulnerable class, by adding this to the Ranger, Atlas, and LogSearch collections:

That won't affect upgrade as with some manual changes these options can be set properly. This change is only for default deployments. (also won't affect 3.0)

Diffs
-----

  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/audit_logs/conf/solrconfig.xml 7af91df
  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/hadoop_logs/conf/solrconfig.xml 59f778f
  ambari-logsearch/ambari-logsearch-portal/src/main/configsets/history/conf/solrconfig.xml 8244a08
  ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/configuration/atlas-solrconfig.xml cba4a4e
  ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/audit_logs-solrconfig.xml.j2 63879e7
  ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/service_logs-solrconfig.xml.j2 b6a4d1d
  ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 25dbb7a

Diff: https://reviews.apache.org/r/63162/diff/1/

Testing
---

done, UTs pass, FT: install Solr with these settings, also check what happens if we add the new xml parser.

Thanks,

Oliver Szabo
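
Added example, not part of the review request or the Ambari code base: a small audit that checks rendered config files for the two mitigations the description lists (the `-Ddisable.configEdit=true` flag in SOLR_OPTS and an `xmlparser` query parser override in each solrconfig.xml). The function names, the sample inputs and the replacement parser class in the sample are assumptions; the thread does not show the snippet it added.

```python
import re
import xml.etree.ElementTree as ET

# Class Solr registers under the name "xmlparser" when solrconfig.xml has no override.
DEFAULT_XML_PARSER = "XmlQParserPlugin"

# Constructed sample inputs (not from the Ambari repository). The replacement
# class below is an assumption; this thread does not show the snippet it added.
PATCHED = ('<config><queryParser name="xmlparser" '
           'class="solr.ExtendedDismaxQParserPlugin"/></config>')
UNPATCHED = '<config><requestHandler name="/select" class="solr.SearchHandler"/></config>'
ENV_OK = 'SOLR_OPTS="$SOLR_OPTS -Ddisable.configEdit=true"'
ENV_COMMENTED = '# SOLR_OPTS="$SOLR_OPTS -Ddisable.configEdit=true"'


def xmlparser_rerouted(solrconfig_text):
    """True if solrconfig.xml maps the name "xmlparser" to a non-XML parser class."""
    root = ET.fromstring(solrconfig_text)
    overrides = [qp.get("class", "") for qp in root.iter("queryParser")
                 if qp.get("name") == "xmlparser"]
    # No override means the built-in xmlparser registration stays active.
    return bool(overrides) and all(
        c and not c.endswith(DEFAULT_XML_PARSER) for c in overrides)


def config_edit_disabled(env_script_text):
    """True if an uncommented SOLR_OPTS line carries -Ddisable.configEdit=true."""
    for line in env_script_text.splitlines():
        code = line.split("#", 1)[0]  # drop shell comments
        if "SOLR_OPTS" in code and re.search(
                r"-Ddisable\.configEdit=true(?![\w.])", code):
            return True
    return False


def audit(solrconfigs, env_script_text):
    """Return a list of findings; an empty list means both mitigations are present."""
    findings = []
    if not config_edit_disabled(env_script_text):
        findings.append("SOLR_OPTS: -Ddisable.configEdit=true not set")
    for name, text in solrconfigs.items():
        if not xmlparser_rerouted(text):
            findings.append(f"{name}: xmlparser not rerouted")
    return findings


if __name__ == "__main__":
    print(audit({"ranger": PATCHED, "atlas": UNPATCHED}, ENV_COMMENTED))
```

Run it against the rendered files on a host (not the `.j2` templates), since upgraded clusters keep their old settings until changed manually.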