Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
dsmiley commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r2333795903 ## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ## @@ -74,6 +74,9 @@ Due to changes in Lucene 9, that isn't possible any more. SolrJ users not using SolrClients that use Apache HttpClient can safely exclude those dependencies. SolrJ users not using SolrClients that use Jetty HttpClient can safely exclude those dependencies. +=== Java Security Manager +Java removed support for the Security Manager starting with Java 24, therefore Solr will disable the feature when run with Java 24 or later. + Review Comment: Even on bare metal, the OS can run services on different accounts. And I believe some OS's have sandboxing means similar to a container. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
uschindler commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3273885352 P.S.: You don't need a new Gradle for testing/building with Java 24. Gradle should always run on the "base version" (ideally 21). To run tests with Java 24 or Java 25, just use `RUNTIME_JAVA_HOME=` environment variable. This is what Jenkins is doing. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy merged PR #3153: URL: https://github.com/apache/solr/pull/3153 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r2335897675 ## solr/bin/solr: ## @@ -1155,6 +1155,11 @@ else REMOTE_JMX_OPTS=() fi +# Do not use the java security manager when running Java 24+ +if (( JAVA_VER_NUM >= 24 )) ; then Review Comment: I'll keep it separate since this is already tested. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
reneleonhardt commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3271322459 Thank you for replying, contributors can't request CoPilot reviews if not enabled, for example the official documentation doesn't work here, you would have to check your personal, organization and repository settings. https://github.blog/changelog/2025-06-18-getting-started-with-github-copilot-coding-agent-is-now-easier/ > Today, we’re making it easier to get started with this new agent. > > For users with access to Copilot coding agent, the agent is now available in all repositories by default. > https://docs.github.com/en/copilot/how-tos/use-copilot-agents/request-a-code-review/use-code-review https://docs.github.com/en/copilot/how-tos/configure-custom-instructions/add-repository-instructions https://github.blog/ai-and-ml/github-copilot/how-to-use-github-copilot-to-level-up-your-code-reviews-and-pull-requests/ https://docs.github.com/en/copilot/concepts/code-review https://github.com/features/copilot Asking the documentation: "How to enable copilot reviews in open-source repositories?" To enable GitHub Copilot reviews in open-source repositories, follow these steps: 1. Navigate to the main page of the repository on GitHub. 2. Under the repository name, click Settings. If you don't see the "Settings" tab, select the More dropdown menu, then click Settings. 3. In the left sidebar, under "Code and automation," click Rules, then click Rulesets. 4. Click New ruleset. 5. Click New branch ruleset. 6. Under "Ruleset name," type a name for the ruleset. 7. To activate the ruleset, under "Enforcement Status," select Active. 8. Under "Target branches," click Add target and choose an option like Include default branch or Include all branches. 9. Under "Branch rules," select the Require a pull request before merging checkbox. This expands additional options. 10. Select the Request pull request review from Copilot checkbox. 11. At the bottom of the page, click Create. CodeRabbit is so much better: https://docs.coderabbit.ai/guides/commands#manually-request-code-reviews%E2%80%8B -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
dsmiley commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3270927065 > Despite encouraging comments discussions haven't been resolved, Gradle is still far too old to even build with JDK 24, Yes it is too old for JDK 24 but nonetheless it is only one year old, which isn't bad IMO. Someone will surely update it again before long. > But probably no wonder with 272 open contributions and no free AI review helper like CodeRabbit enabled to shorten the feedback loop. There's GitHub CoPilot, and I intentionally activated its review in response to your remark. I'm not certain if contributors can self activate the review. BTW that 272 number is large but it probably filled with automated dependency upgrades that we're working through. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r268510 ## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ## @@ -74,6 +74,10 @@ Due to changes in Lucene 9, that isn't possible any more. SolrJ users not using SolrClients that use Apache HttpClient can safely exclude those dependencies. SolrJ users not using SolrClients that use Jetty HttpClient can safely exclude those dependencies. +=== Java Security Manager + +Java has removed support for the Security Manager starting with Java 24; therefore, Solr will disable this feature when run with Java 24 or later. Solr previously used the Security Manager to provide an additional layer of protection against unintended file system access, network access, and process execution. Users upgrading to Java 24 or later should review their security practices and consider alternative measures, such as running Solr in containers or implementing additional operating system-level controls. Review Comment: This is my latest suggestion for upgrade-notes phrasing related to Java 24 and JSM, inspired by Copilot. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r2332736034 ## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ## @@ -74,6 +74,9 @@ Due to changes in Lucene 9, that isn't possible any more. SolrJ users not using SolrClients that use Apache HttpClient can safely exclude those dependencies. SolrJ users not using SolrClients that use Jetty HttpClient can safely exclude those dependencies. +=== Java Security Manager +Java removed support for the Security Manager starting with Java 24, therefore Solr will disable the feature when run with Java 24 or later. + Review Comment: On one hand, we could expect users upgrading to Java 25 to be aware of the JSM removal and what that means for the use of any java application. However, it is also quite likely that many will blindly upgrade to latest LTS java wherever they can without giving it much more thought. Perhaps we should err on stating clearly what this may mean. Perhaps not as thoroughly as the suggestion above, but I like the distinction between container and bare-metal. Users running Solr on bare-metal, perhaps side by side by other applications, have a real benefit of JSM today. But you could argue that when running in container, it's much harder to do much harm. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
Copilot commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r2332698204 ## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ## @@ -74,6 +74,9 @@ Due to changes in Lucene 9, that isn't possible any more. SolrJ users not using SolrClients that use Apache HttpClient can safely exclude those dependencies. SolrJ users not using SolrClients that use Jetty HttpClient can safely exclude those dependencies. +=== Java Security Manager +Java removed support for the Security Manager starting with Java 24, therefore Solr will disable the feature when run with Java 24 or later. + Review Comment: [nitpick] The documentation should clarify what this means for users. Consider adding information about whether this affects security posture, if there are alternative security measures, or if users need to take any action when upgrading to Java 24+. ```suggestion The Java Security Manager was historically used to restrict the actions that code could perform at runtime, providing an additional layer of security. With its removal in Java 24+, Solr will no longer be able to leverage this mechanism for sandboxing or limiting permissions. This may affect the overall security posture of Solr deployments, especially in environments where the Security Manager was used to enforce stricter controls. Users upgrading to Java 24 or later should review their security practices and consider alternative measures, such as running Solr in containers, using operating system-level controls (e.g., SELinux, AppArmor), or following the principle of least privilege for Solr processes. There is no direct replacement for the Security Manager in Java 24+, so it is important to ensure that your deployment is otherwise secured. No action is required for most users unless you previously relied on the Security Manager for additional protection. If so, you should plan to migrate to alternative security controls before upgrading to Java 24 or later. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r2332719475 ## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ## @@ -67,6 +67,10 @@ It is always strongly recommended that you fully reindex your documents after a In Solr 8, it was possible to add docValues to a schema without re-indexing via `UninvertDocValuesMergePolicy`, an advanced/expert utility. Due to changes in Lucene 9, that isn't possible any more. +== Solr 9.9 +=== Java Security Manager +Java removed support for the Security Manager starting with Java 24, therefore Solr will disable the feature when run with Java 24 or later. + Review Comment: Copilot is of another opinion, see comment https://github.com/apache/solr/pull/3153#discussion_r2332698204 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3269695183 I volunteer to merge this once tests passes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3241203314 I moved the change note to 9.10 section. @HoustonPutman do you want to land and backport this to 9x? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3241563684 @reneleonhardt The `org.apache.solr.bench.MiniClusterBenchStateTest.testMiniClusterState` test failure is unrelated and being fixed elsewhere. It does not block this PR from being merged. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
reneleonhardt commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3241516501 https://github.com/apache/solr/actions/runs/17370856332/job/49306132986?pr=3153 ``` job: Run Solr Tests using Crave.io resources Pulling container image accupara/openjdk:21... WARNING: A command line option has enabled the Security Manager WARNING: The Security Manager is deprecated and will be removed in a future release java.security.policy: error adding Permission, java.net.URLPermission: java.util.ServiceConfigurationError: Locale provider adapter "CLDR"cannot be instantiated. > Task :solr:solrj:wipeTaskTemp ERROR: The following test(s) have failed: - org.apache.solr.bench.MiniClusterBenchStateTest.testMiniClusterState (:solr:benchmark) Test history: https://develocity.apache.org/scans/tests?search.rootProjectNames=solr-root&tests.container=org.apache.solr.bench.MiniClusterBenchStateTest&tests.test=testMiniClusterState http://fucit.org/solr-jenkins-reports/history-trend-of-recent-failures.html#series/org.apache.solr.bench.MiniClusterBenchStateTest.testMiniClusterState Test output: /tmp/src/solr/solr/benchmark/build/test-results/test/outputs/OUTPUT-org.apache.solr.bench.MiniClusterBenchStateTest.txt Reproduce with: ./gradlew :solr:benchmark:test --tests "org.apache.solr.bench.MiniClusterBenchStateTest.testMiniClusterState" "-Ptests.jvmargs=-XX:TieredStopAtLevel=1 -XX:+UseParallelGC -XX:ActiveProcessorCount=1 -XX:ReservedCodeCacheSize=120m" -Ptests.seed=7756808488807188 -Ptests.timeoutSuite=60! -Ptests.useSecurityManager=true -Ptests.file.encoding=ISO-8859-1 - org.apache.solr.bench.MiniClusterBenchStateTest (:solr:benchmark) Test history: https://develocity.apache.org/scans/tests?search.rootProjectNames=solr-root&tests.container=org.apache.solr.bench.MiniClusterBenchStateTest Test output: /tmp/src/solr/solr/benchmark/build/test-results/test/outputs/OUTPUT-org.apache.solr.bench.MiniClusterBenchStateTest.txt Reproduce with: ./gradlew :solr:benchmark:test --tests "org.apache.solr.bench.MiniClusterBenchStateTest" "-Ptests.jvmargs=-XX:TieredStopAtLevel=1 -XX:+UseParallelGC -XX:ActiveProcessorCount=1 -XX:ReservedCodeCacheSize=120m" -Ptests.seed=7756808488807188 -Ptests.timeoutSuite=60! -Ptests.useSecurityManager=true -Ptests.file.encoding=ISO-8859-1 FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':solr:benchmark:test'. > There were failing tests. See the results at: file:///tmp/src/solr/solr/benchmark/build/test-results/test/ BUILD FAILED in 3m 23s 144 actionable tasks: 140 executed, 4 up-to-date ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
reneleonhardt commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3240929312 Despite encouraging comments discussions haven't been resolved, Gradle is still far too old to even build with JDK 24, and JDK 25 LTS will be released in 2 weeks... I have no hopes that this 7 months old contribution will be merged by then 😞 But probably no wonder with 272 open contributions and no free AI review helper like CodeRabbit enabled to shorten the feedback loop. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
github-actions[bot] commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3240528151 This PR has had no activity for 60 days and is now labeled as stale. Any new activity will remove the stale label. To attract more reviewers, please tag people who might be familiar with the code area and/or notify the [email protected] mailing list. To exempt this PR from being marked as stale, make it a draft PR or add the label "exempt-stale". If left unattended, this PR will be closed after another 60 days of inactivity. Thank you for your contribution! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
janhoy commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-3025803615 Fixed merge conflict in this. I'm ok with merging this as is. I tested running solr in Java 24, and without this fix (or explicitly disableing JSM) the start script will just spin and timeout, while the log prints ``` OpenJDK 64-Bit Server VM warning: -XX:+UseLargePages not supported in this VM WARNING: Using incubator modules: jdk.incubator.vector Error occurred during initialization of VM java.lang.Error: A command line option has attempted to allow or enable the Security Manager. Enabling a Security Manager is not supported. at java.lang.System.initPhase3([email protected]/System.java:1947) ``` So this simple PR is a great Java24 compat fix, giving users a choice betwen JRE21 with JSM or JRE24 without. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
epugh commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2901351997 I wonder if we really need to put in warnings? If I am on Java 24, then I'll never go back to 21. And 21 won't be an option in a period of time. And if I care about security and have the ability to make a decision like use Java 21, then I already know that there is no security manager post 21.. I think putting in an open ended warning means that we'll be warning about something that there is not fix for. Java21 isn't a fix. And just makes us look weak/bad. Yeah, Solr on modern Java doesn't have a security manager. So does "Tika on modern Java". So does "Name your other big tool on monder Java". -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
reneleonhardt commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2833440091 > No worries at all. This had stalled because of concerns around security without the security manager. But since it's gone in newer JDK versions, that really doesn't matter for this ticket. Will update to remove the gradle changes. When will gradle 8.10.2 be updated (2024-09-23)? JDK 24 requires gradle 8.14: https://github.com/apache/solr/blob/main/gradle/wrapper/gradle-wrapper.jar.version -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
HoustonPutman commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2748615276 No worries at all. This had stalled because of concerns around security without the security manager. But since it's gone in newer JDK versions, that really doesn't matter for this ticket. Will update to remove the gradle changes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
uschindler commented on code in PR #3153:
URL: https://github.com/apache/solr/pull/3153#discussion_r2010356665
##
gradle/testing/randomization.gradle:
##
@@ -204,6 +204,10 @@ allprojects {
if (project.ext.has("useSecurityManager")) {
useSecurityManager = project.ext.get("useSecurityManager")
}
+// Solr does not run with the Security Mangager for Java 24+
Review Comment:
This is obsolete with the simpler PR applied before.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
uschindler commented on code in PR #3153:
URL: https://github.com/apache/solr/pull/3153#discussion_r2010357459
##
build.gradle:
##
@@ -35,6 +35,8 @@ plugins {
}
// Declare default Java versions for the entire project and for SolrJ
separately
+rootProject.ext.currentJavaVersion = JavaVersion.current()
+rootProject.ext.minJavaVersionSolrJ =
JavaVersion.toVersion(libs.versions.java.solrj.get())
Review Comment:
It's no longer needed at all.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
uschindler commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2748422140 > #3284 already updated the tests, so this will mainly be for the startup scripts Sorry, I thought this PR was solved since long time... If you would like to remove the conflict, go ahead! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
HoustonPutman commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2748369656 #3284 already updated the tests, so this will mainly be for the startup scripts -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
dsmiley commented on code in PR #3153:
URL: https://github.com/apache/solr/pull/3153#discussion_r1949516798
##
build.gradle:
##
@@ -35,6 +35,8 @@ plugins {
}
// Declare default Java versions for the entire project and for SolrJ
separately
+rootProject.ext.currentJavaVersion = JavaVersion.current()
+rootProject.ext.minJavaVersionSolrJ =
JavaVersion.toVersion(libs.versions.java.solrj.get())
Review Comment:
duplicates line 41
##
gradle/testing/randomization.gradle:
##
@@ -204,6 +204,10 @@ allprojects {
if (project.ext.has("useSecurityManager")) {
useSecurityManager = project.ext.get("useSecurityManager")
}
+// Solr does not run with the Security Mangager for Java 24+
Review Comment:
```suggestion
// There is no longer a Security Manager in Java 24
```
##
solr/bin/solr:
##
@@ -1155,6 +1155,11 @@ else
REMOTE_JMX_OPTS=()
fi
+# Do not use the java security manager when running Java 24+
+if (( JAVA_VER_NUM >= 24 )) ; then
Review Comment:
could just combine this condition into line 1164. Ideally this changes the
"true" in the default interpretation of that env var to a "false". But it's
fine.
##
solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc:
##
@@ -67,6 +67,10 @@ It is always strongly recommended that you fully reindex
your documents after a
In Solr 8, it was possible to add docValues to a schema without re-indexing
via `UninvertDocValuesMergePolicy`, an advanced/expert utility.
Due to changes in Lucene 9, that isn't possible any more.
+== Solr 9.9
+=== Java Security Manager
+Java removed support for the Security Manager starting with Java 24, therefore
Solr will disable the feature when run with Java 24 or later.
+
Review Comment:
minor: Okay but arguably you didn't have to bother to say this. There's no
action for the user to take. I don't think it's up to Solr to tell people
what's coming/going/happening in the Java ecosystem.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
-
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
uschindler commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2637926350 > > Agree with @epugh - isn't Security Manager all no-ops even with 21 (which IIRC is the minimum Java for Solr 10) > > I've never heard that. Do you have a link for that? No, it isn't. It's fully working in 21. It gets a noop in 24. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
HoustonPutman commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2637917612 > Agree with @epugh - isn't Security Manager all no-ops even with 21 (which IIRC is the minimum Java for Solr 10) I've never heard that. Do you have a link for that? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
madrob commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2632357157 Agree with @epugh - isn't Security Manager all no-ops even with 21 (which IIRC is the minimum Java for Solr 10) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
malliaridis commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r1939602273 ## solr/bin/solr.cmd: ## @@ -94,7 +94,10 @@ IF NOT DEFINED SOLR_SSL_RELOAD_ENABLED ( set "SOLR_SSL_RELOAD_ENABLED=true" ) -REM Enable java security manager by default (limiting filesystem access and other things) +REM Enable java security manager by default for Java 23 and before (limiting filesystem access and other things) +IF !JAVA_MAJOR_VERSION! GEQ "24" ( Review Comment: I've tested again the Windows script changes, seems like the condition is always true, regardless the java version. This should fix the issue: ```suggestion IF !JAVA_MAJOR_VERSION! GEQ 24 ( ``` Note that it matter whether you set `JAVA_HOME` or update the `PATH` variable. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
Re: [PR] SOLR-17641: Disable the Security Manager for Java 24+ [solr]
epugh commented on PR #3153: URL: https://github.com/apache/solr/pull/3153#issuecomment-2628951104 It's great that you made the disabling conditional on Java 24+. I wonder though if we are better served just removing it completely from Solr 10, regardless of version of Java? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] - To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
