Thank you both, Gentlemen – I’ve reported to [email protected]
Thanks Josh From: Shalin Shekhar Mangar [mailto:[email protected]] Sent: Wednesday, April 16, 2014 2:44 PM To: [email protected] Cc: Mayers, Josh Subject: Re: Vulnerability found in SOLR It's best to report vulnerabilities to the private [email protected] email. See https://www.apache.org/security/ On Thu, Apr 17, 2014 at 12:07 AM, Per Steffensen <[email protected]> wrote: Hi I am not a member of the Solr core - committers etc. I have just provided some patches around security for Solr. None of the security work I have done introduces or removes XSS vulnerabilities. If you have found an issue I suggest you start by write about it at one of the mailing lists [email protected] or [email protected]. Later (or maybe already now, if you are sure this is a real issue) you should create a JIRA issue at https://issues.apache.org/jira/browse/SOLR. You need to be on the mailing lists in order to be able to send a mail to them, but just go ahead and subscribe. You need to create a user-account in JIRA in order to be able to create an issue, but just go ahead and do that. Regards, Per Steffensen On 15/04/14 20:05, Mayers, Josh wrote: Per – I’ve found an XSS vulnerability in Solr, and am looking for the right person to discuss it with and get it resolved. I found your name and email address on the Solr Security web page (https://wiki.apache.org/solr/SolrSecurity) .. can you point me in the right direction? Thanks Josh Josh Mayers Senior Information Assurance Engineer The MITRE Corporation 202 Burlington Road MS M300, Bedford MA 01730-1420 . -- Regards, Shalin Shekhar Mangar.
smime.p7s
Description: S/MIME cryptographic signature
