Hi
I am not a member of the Solr core - committers etc. I have just
provided some patches around security for Solr. None of the security
work I have done introduces or removes XSS vulnerabilities. If you have
found an issue I suggest you start by write about it at one of the
mailing lists [email protected] or [email protected].
Later (or maybe already now, if you are sure this is a real issue) you
should create a JIRA issue at
https://issues.apache.org/jira/browse/SOLR. You need to be on the
mailing lists in order to be able to send a mail to them, but just go
ahead and subscribe. You need to create a user-account in JIRA in order
to be able to create an issue, but just go ahead and do that.
Regards, Per Steffensen
On 15/04/14 20:05, Mayers, Josh wrote:
Per --
I've found an XSS vulnerability in Solr, and am looking for the right
person to discuss it with and get it resolved. I found your name and
email address on the Solr Security web page
(https://wiki.apache.org/solr/SolrSecurity) .. can you point me in the
right direction?
Thanks
Josh
//
/Josh Mayers/
/Senior Information Assurance Engineer/
/The MITRE Corporation/
/202 Burlington Road MS M300, Bedford MA 01730-1420/
/./
