[
https://issues.apache.org/jira/browse/SOLR-16522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hariprasad T updated SOLR-16522:
Security: Public (was: Private (Security Issue))
> Unauthenticated access to an Apache Solr Server
[
https://issues.apache.org/jira/browse/SOLR-16521?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hariprasad T updated SOLR-16521:
Security: Public (was: Private (Security Issue))
> Apache Solr SSRF vulnerability
> --
[
https://issues.apache.org/jira/browse/SOLR-16520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hariprasad T updated SOLR-16520:
Security: Public (was: Private (Security Issue))
> Apache Solr Remote Code Execution Vulnerability
[
https://issues.apache.org/jira/browse/SOLR-16350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628613#comment-17628613
]
David Smiley commented on SOLR-16350:
-
Curious, try SOLR_SECURITY_MANAGER_ENABLED=fal
risdenk commented on code in PR #585:
URL: https://github.com/apache/solr/pull/585#discussion_r1013511707
##
solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java:
##
@@ -278,6 +295,10 @@ public void close() {
assert ObjectReleaseTracker.release(this);
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628606#comment-17628606
]
Noble Paul commented on SOLR-16414:
---
{quote}However, if we do want some form of paralle
risdenk commented on code in PR #585:
URL: https://github.com/apache/solr/pull/585#discussion_r1013510879
##
solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java:
##
@@ -278,6 +295,10 @@ public void close() {
assert ObjectReleaseTracker.release(this);
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628563#comment-17628563
]
Patson Luk edited comment on SOLR-16414 at 11/3/22 11:36 PM:
-
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628563#comment-17628563
]
Patson Luk edited comment on SOLR-16414 at 11/3/22 11:35 PM:
-
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628565#comment-17628565
]
Patson Luk commented on SOLR-16414:
---
Another kinda minor thought is perhaps we should a
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628563#comment-17628563
]
Patson Luk edited comment on SOLR-16414 at 11/3/22 11:27 PM:
-
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628563#comment-17628563
]
Patson Luk commented on SOLR-16414:
---
Dug a little bit deeper into the issue. The core i
dsmiley commented on code in PR #1154:
URL: https://github.com/apache/solr/pull/1154#discussion_r1013431841
##
solr/core/src/java/org/apache/solr/handler/component/QueryElevationComponent.java:
##
@@ -553,6 +560,82 @@ private void setQuery(ResponseBuilder rb, Elevation
elevatio
[
https://issues.apache.org/jira/browse/SOLR-7759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris M. Hostetter resolved SOLR-7759.
--
Fix Version/s: 8.3
Assignee: Andrzej Bialecki
Resolution: Fixed
This pro
[
https://issues.apache.org/jira/browse/SOLR-16512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628543#comment-17628543
]
Noble Paul commented on SOLR-16512:
---
Thanks [~krisden]
> Eliminate noggit JSONWriter.
[
https://issues.apache.org/jira/browse/SOLR-15733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628533#comment-17628533
]
Joel Bernstein edited comment on SOLR-15733 at 11/3/22 9:28 PM:
---
risdenk commented on PR #585:
URL: https://github.com/apache/solr/pull/585#issuecomment-1302683368
> Btw we need to upgrade, as we are seeing
https://github.com/eclipse/jetty.project/issues/8558 in our failing tests, and
need an upgrade path when Jetty 10.0.13 is released.
yup this a
[
https://issues.apache.org/jira/browse/SOLR-15733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628533#comment-17628533
]
Joel Bernstein edited comment on SOLR-15733 at 11/3/22 9:24 PM:
---
[
https://issues.apache.org/jira/browse/SOLR-15733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628533#comment-17628533
]
Joel Bernstein edited comment on SOLR-15733 at 11/3/22 9:24 PM:
---
[
https://issues.apache.org/jira/browse/SOLR-15733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628533#comment-17628533
]
Joel Bernstein commented on SOLR-15733:
---
I can do the main backport tomorrow. I'll
risdenk commented on code in PR #585:
URL: https://github.com/apache/solr/pull/585#discussion_r1013409554
##
solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java:
##
@@ -278,6 +295,10 @@ public void close() {
assert ObjectReleaseTracker.release(this);
dsmiley commented on PR #1160:
URL: https://github.com/apache/solr/pull/1160#issuecomment-1302673179
Hi Calvnce. I guess you're off to a good start but obviously more to do.
You have a new source file here but nothing calls it; I don't think Solr uses
any auto-registration based on scanni
[
https://issues.apache.org/jira/browse/SOLR-16512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628529#comment-17628529
]
ASF subversion and git services commented on SOLR-16512:
Commit 9
[
https://issues.apache.org/jira/browse/SOLR-15733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628528#comment-17628528
]
Kevin Risden commented on SOLR-15733:
-
[~jbernste] are you backporting to branch_9x?
[
https://issues.apache.org/jira/browse/SOLR-15733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Risden updated SOLR-15733:
Fix Version/s: main (10.0)
> Separate out a solrj-streaming module
> --
[
https://issues.apache.org/jira/browse/SOLR-16512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628526#comment-17628526
]
ASF subversion and git services commented on SOLR-16512:
Commit 3
calvnce opened a new pull request, #1160:
URL: https://github.com/apache/solr/pull/1160
https://issues.apache.org/jira/browse/[SOLR-15781](https://issues.apache.org/jira/browse/SOLR-15781)
# Description
As mentioned on
[SOLR-15781](https://issues.apache.org/jira/browse/SOLR-15
[
https://issues.apache.org/jira/browse/SOLR-15694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628524#comment-17628524
]
Ishan Chattopadhyaya commented on SOLR-15694:
-
Done.
> Concept of node roles
HoustonPutman commented on code in PR #585:
URL: https://github.com/apache/solr/pull/585#discussion_r1013339786
##
solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java:
##
@@ -278,6 +295,10 @@ public void close() {
assert ObjectReleaseTracker.release(t
sonatype-lift[bot] commented on code in PR #1158:
URL: https://github.com/apache/solr/pull/1158#discussion_r1013364124
##
solr/test-framework/src/java/org/apache/solr/cloud/AbstractFullDistribZkTestBase.java:
##
@@ -2172,39 +2172,26 @@ protected SolrClient createNewSolrClient(
sonatype-lift[bot] commented on code in PR #1158:
URL: https://github.com/apache/solr/pull/1158#discussion_r1013354025
##
solr/test-framework/src/java/org/apache/solr/cloud/AbstractFullDistribZkTestBase.java:
##
@@ -2197,14 +2197,10 @@ protected SolrClient createNewSolrClient(
risdenk commented on code in PR #862:
URL: https://github.com/apache/solr/pull/862#discussion_r1013332794
##
build.gradle:
##
@@ -207,3 +207,5 @@ apply from: file('gradle/ant-compat/solr.post-jar.gradle')
apply from: file('gradle/node.gradle')
+sourceCompatibility = JavaVer
dsmiley commented on code in PR #862:
URL: https://github.com/apache/solr/pull/862#discussion_r1013331045
##
build.gradle:
##
@@ -207,3 +207,5 @@ apply from: file('gradle/ant-compat/solr.post-jar.gradle')
apply from: file('gradle/node.gradle')
+sourceCompatibility = JavaVer
dsmiley commented on code in PR #862:
URL: https://github.com/apache/solr/pull/862#discussion_r1013331045
##
build.gradle:
##
@@ -207,3 +207,5 @@ apply from: file('gradle/ant-compat/solr.post-jar.gradle')
apply from: file('gradle/node.gradle')
+sourceCompatibility = JavaVer
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ishan Chattopadhyaya resolved SOLR-16414.
-
Resolution: Fixed
> Race condition in PRS state updates
> ---
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628495#comment-17628495
]
Ishan Chattopadhyaya commented on SOLR-16414:
-
bq. Still, if this is a PRS-on
risdenk commented on code in PR #862:
URL: https://github.com/apache/solr/pull/862#discussion_r1013322838
##
build.gradle:
##
@@ -207,3 +207,5 @@ apply from: file('gradle/ant-compat/solr.post-jar.gradle')
apply from: file('gradle/node.gradle')
+sourceCompatibility = JavaVer
gerlowskija commented on code in PR #862:
URL: https://github.com/apache/solr/pull/862#discussion_r1013311803
##
build.gradle:
##
@@ -207,3 +207,5 @@ apply from: file('gradle/ant-compat/solr.post-jar.gradle')
apply from: file('gradle/node.gradle')
+sourceCompatibility = Jav
gerlowskija commented on code in PR #1053:
URL: https://github.com/apache/solr/pull/1053#discussion_r1013268226
##
solr/core/src/java/org/apache/solr/handler/admin/CollectionsHandler.java:
##
@@ -1298,19 +1298,25 @@ public Map execute(
V2ApiUtils.squashIntoSolrRespons
endzyme opened a new issue, #490:
URL: https://github.com/apache/solr-operator/issues/490
## Description
When trying to apply custom labels to Zookeeper pods through the SolrCloud
spec, the labels do not show up on the final set of Zookeeper pods.
The issue appears to be that
endzyme commented on PR #480:
URL: https://github.com/apache/solr-operator/pull/480#issuecomment-1302497220
@HoustonPutman I've updated the changelog and added the same feature to the
solr-operator chart.
--
This is an automated message from the Apache Git Service.
To respond to the mess
gerlowskija commented on code in PR #1053:
URL: https://github.com/apache/solr/pull/1053#discussion_r1013243883
##
solr/core/src/test/org/apache/solr/handler/admin/api/DeleteReplicaPropertyAPITest.java:
##
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF
epugh commented on PR #1158:
URL: https://github.com/apache/solr/pull/1158#issuecomment-1302480360
>
So I'm clear, you are suggesting that where we create a `HttpSolrClient` in
tests that just need a `SolrClient`, look to move to Http2SolrClient? I can
do that, it looks like `Solr
dsmiley commented on PR #1158:
URL: https://github.com/apache/solr/pull/1158#issuecomment-1302471764
The "LB" variants, I think of as being rather internal. Thus true
immutability is not very important if we can see that within Solr's codebase,
the setters are only ever invoked immediately
dsmiley commented on PR #1158:
URL: https://github.com/apache/solr/pull/1158#issuecomment-1302466510
While you are changing these lines of code, why not use Http2 as well? Put
differently, work on making Http2 Builder's more comprehensive... and may or
may not get to the deprecated clients
sonatype-lift[bot] commented on code in PR #1158:
URL: https://github.com/apache/solr/pull/1158#discussion_r1013203543
##
solr/test-framework/src/java/org/apache/solr/SolrJettyTestBase.java:
##
@@ -154,14 +158,9 @@ public synchronized SolrClient getSolrClient() {
* options.
[
https://issues.apache.org/jira/browse/SOLR-16350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628428#comment-17628428
]
Shubanker edited comment on SOLR-16350 at 11/3/22 5:19 PM:
---
[~k
[
https://issues.apache.org/jira/browse/SOLR-16350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628428#comment-17628428
]
Shubanker commented on SOLR-16350:
--
Yes I am using SOLR in Docker Container, apologies f
epugh commented on PR #1158:
URL: https://github.com/apache/solr/pull/1158#issuecomment-1302395229
So... `LBHttp2SolrClient` doesn't have a Builder pattern... Should it?
I'm worried about never getting this PR to a committable shape by adding
more On the other hand, maybe to com
epugh commented on code in PR #1158:
URL: https://github.com/apache/solr/pull/1158#discussion_r1013166419
##
solr/solrj/src/test/org/apache/solr/client/solrj/impl/BasicHttpSolrClientTest.java:
##
@@ -341,7 +346,6 @@ public void testQuery() throws Exception {
assertEquals(
[
https://issues.apache.org/jira/browse/SOLR-16512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628381#comment-17628381
]
Houston Putman commented on SOLR-16512:
---
[~noble.paul] take a look at
https://ci-b
pareekdevanshu commented on issue #55:
URL: https://github.com/apache/solr-operator/issues/55#issuecomment-1302267261
thanks, created this issue
https://github.com/apache/solr-operator/issues/489
--
This is an automated message from the Apache Git Service.
To respond to the message, plea
pareekdevanshu opened a new issue, #489:
URL: https://github.com/apache/solr-operator/issues/489
Hi Team,
Currently It is possible to set capabilities for `initContainers` and
`sidecarContainers`, Eg:
```
securityContext:
capabilities:
drop:
- ALL
```
But
HoustonPutman commented on issue #55:
URL: https://github.com/apache/solr-operator/issues/55#issuecomment-1302249620
Ahh it looks like you can only set capabilities on the container security
context. If you make a separate issue we can try to get that added.
--
This is an automated messag
pareekdevanshu commented on issue #55:
URL: https://github.com/apache/solr-operator/issues/55#issuecomment-1302239218
@HoustonPutman Thanks for the reply, I wanted to `drop all capabilities in
security context ` which can be done using securityContext :
```
securityContext:
capab
magibney commented on PR #1157:
URL: https://github.com/apache/solr/pull/1157#issuecomment-1302223617
This makes sense to me; seems like maybe just an oversight rather than an
intentional decision. @anshumg could you take a quick look and
confirm/contradict?
--
This is an automated messa
HoustonPutman commented on issue #55:
URL: https://github.com/apache/solr-operator/issues/55#issuecomment-1302217298
You can set the podSecurityContext through
`customSolrKubeOptions.podOptions.podSecurityContext`
--
This is an automated message from the Apache Git Service.
To respond to
cpoerschke commented on PR #1141:
URL: https://github.com/apache/solr/pull/1141#issuecomment-1302158328
> @cpoerschke @risdenk Thanks! Any hope of getting this into 9.1? I see RC1
is out now...
Looks like there's gonna be an RC2 --
https://lists.apache.org/thread/scd8b4pks4b9xnkppv4c
[
https://issues.apache.org/jira/browse/SOLR-16350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628329#comment-17628329
]
Kevin Risden commented on SOLR-16350:
-
[~shubanker] you are using Docker right? Based
[
https://issues.apache.org/jira/browse/SOLR-15855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl resolved SOLR-15855.
Resolution: Implemented
> CVEs in shadowed dependencies
> -
>
>
[
https://issues.apache.org/jira/browse/SOLR-15855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628294#comment-17628294
]
Jan Høydahl commented on SOLR-15855:
Test framework is not shipped with 9.0,
https:/
mpetris commented on PR #1156:
URL: https://github.com/apache/solr/pull/1156#issuecomment-1301979984
OK, got it. We refactored the implementation a bit to seperate the algorithm
from the access to SortedDocValues and SortedSetDocValues. This allows us to
have the algorithm only once. It is
[
https://issues.apache.org/jira/browse/SOLR-16512?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Noble Paul resolved SOLR-16512.
---
Fix Version/s: 9.2
Resolution: Fixed
> Eliminate noggit JSONWriter.Writable from Solr classes
[
https://issues.apache.org/jira/browse/SOLR-16512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628276#comment-17628276
]
ASF subversion and git services commented on SOLR-16512:
Commit b
[
https://issues.apache.org/jira/browse/SOLR-16512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628274#comment-17628274
]
ASF subversion and git services commented on SOLR-16512:
Commit 2
noblepaul merged PR #1159:
URL: https://github.com/apache/solr/pull/1159
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628272#comment-17628272
]
Noble Paul commented on SOLR-16414:
---
> Do you know the root cause of the deadlock?
Ac
pareekdevanshu commented on issue #55:
URL: https://github.com/apache/solr-operator/issues/55#issuecomment-1301924358
@HoustonPutman I was looking for an option to set securityContext for
solr-cloud containers but couldnt find any option in the CRD to do that. I only
see option to set secur
[
https://issues.apache.org/jira/browse/SOLR-16519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl resolved SOLR-16519.
Resolution: Invalid
Closing as invalid. In the future, please follow our policy for vulnerability
[
https://issues.apache.org/jira/browse/SOLR-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628244#comment-17628244
]
Jan Høydahl commented on SOLR-16414:
Do we know that the sequential forEach is safe?
Samuel Marcaille created SOLR-16519:
---
Summary: CVE-2022-42889 - Solr
Key: SOLR-16519
URL: https://issues.apache.org/jira/browse/SOLR-16519
Project: Solr
Issue Type: Bug
Security Level
[
https://issues.apache.org/jira/browse/SOLR-15694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628212#comment-17628212
]
Jan Høydahl commented on SOLR-15694:
I'll try once moce [~ichattopadhyaya] [~noble.pa
[
https://issues.apache.org/jira/browse/SOLR-14613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628207#comment-17628207
]
Jan Høydahl commented on SOLR-14613:
[~ilan] [~ab] Can you move SIP-8 to the "Impleme
[
https://issues.apache.org/jira/browse/SOLR-16518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628184#comment-17628184
]
Jan Høydahl commented on SOLR-16518:
{code:java}
Contact: mailto:secur...@solr.apache
Jan Høydahl created SOLR-16518:
--
Summary: Add security.txt to website
Key: SOLR-16518
URL: https://issues.apache.org/jira/browse/SOLR-16518
Project: Solr
Issue Type: Task
Security Level: P
75 matches
Mail list logo
