[ https://issues.apache.org/jira/browse/SOLR-14593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17437671#comment-17437671 ]

Jan Høydahl commented on SOLR-14593:
------------------------------------

[~ichattopadhyaya] will you try to get this in as a bugfix tomorrow, before 8.11 RC1? Else we can target a quick 8.11.1..

> Package store API to disable file upload over HTTP
> --------------------------------------------------
>
> Key: SOLR-14593
> URL: https://issues.apache.org/jira/browse/SOLR-14593
> Project: Solr
> Issue Type: Task
> Reporter: Noble Paul
> Priority: Critical
>
> h2. Why?
>
> Users installing third party plugins from external repos trust the public keys of that repository owner. Anyone who has a private key to that repo will be able to push any executable binary into such a cluster using the HTTP upload endpoints. These executables will remain trusted.
>
> h3. Solution: Disable uploading jars over HTTP (they can be downloaded via CLI by the user)
>
> * {{/cluster/files/*}} endpoint will stop accepting files. That end-point will not exist
> * All jar files will need to be uploaded using the CLI. The CLI has access to a physical file system where it copies the jar file to {{$SOLR_HOME/filestore/*}} and issues the sync command. The sync command asks other nodes to sync the jar file from this local node. (This is how the keys are distributed today)
>
> h2. Is this backward compatible?
>
> No. For anyone using the internal APIs only to deploy, their packages will stop working. Anyone using the CLI will have the same experience and they do not need to make any changes to their workflow. All packages that are currently installed will continue to work fine

--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
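The backward-compatibility question in the issue (deployments that push jars through the HTTP file-store endpoint will break once that endpoint is removed) is one an operator can answer from the request log before upgrading. The script below is an added example, not code from the issue or from the Solr project: it scans Jetty-style request-log lines for write requests to the upload endpoint and reports which clients use it, so those workflows can be moved to the CLI-based path the issue describes. It assumes the endpoint is exposed under the v2 API prefix `/api/cluster/files/` (the issue writes it as `/cluster/files/*`) and that the log uses the NCSA request-log layout; the sample lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample request-log lines (NCSA layout as written by Solr's
# embedded Jetty). These are made up for the example, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Oct/2021:10:01:12 +0000] "PUT /api/cluster/files/mypkg/1.0/mypkg.jar?sig=abc HTTP/1.1" 200 45
10.0.0.5 - - [21/Oct/2021:10:01:13 +0000] "GET /api/node/files/mypkg/1.0/mypkg.jar?meta=true HTTP/1.1" 200 120
10.0.0.7 - - [21/Oct/2021:10:02:40 +0000] "PUT /api/cluster/files/other/2.1/other.jar HTTP/1.1" 200 45
10.0.0.9 - - [21/Oct/2021:10:03:01 +0000] "GET /solr/admin/collections?action=LIST HTTP/1.1" 200 88
this line is not a request-log entry and is skipped
"""

# client - - [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed v2 path of the endpoint SOLR-14593 proposes to remove.
UPLOAD_PREFIXES = ("/api/cluster/files/",)
WRITE_METHODS = ("PUT", "POST")


def find_http_uploads(log_text):
    """Return one dict per write request that targets the file-store upload endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request-log line; ignore rather than fail
        path = m.group("path").split("?", 1)[0]  # drop query string (e.g. ?sig=...)
        if m.group("method") in WRITE_METHODS and path.startswith(UPLOAD_PREFIXES):
            hits.append({
                "client": m.group("client"),
                "timestamp": m.group("ts"),
                "method": m.group("method"),
                "path": path,
                "status": int(m.group("status")),
            })
    return hits


def uploads_per_client(hits):
    """Count upload requests per client address, to see who still relies on the endpoint."""
    return Counter(h["client"] for h in hits)


if __name__ == "__main__":
    found = find_http_uploads(SAMPLE_LOG)
    for h in found:
        print(f'{h["timestamp"]} {h["client"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print("per client:", dict(uploads_per_client(found)))
```

Run it against the real Jetty request log of each node (the file-store endpoint is cluster-wide, so any node may have served the request); an empty result means no client pushes jars over HTTP and the change is transparent for that deployment.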