[
https://issues.apache.org/jira/browse/SOLR-14886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17720644#comment-17720644
]
Isabelle Giguere commented on SOLR-14886:
-----------------------------------------
Update: this issue is in OWASP top 10 2021 at #5
https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
OWASP top 10 2021 is the latest as of now.
> Suppress stack trace in Query response.
> ---------------------------------------
>
> Key: SOLR-14886
> URL: https://issues.apache.org/jira/browse/SOLR-14886
> Project: Solr
> Issue Type: Improvement
> Affects Versions: 8.6.2
> Reporter: Vrinda Davda
> Priority: Minor
> Attachments: SOLR-14886.patch, SOLR-14886.patch
>
>
> Currently there is no way to suppress the stack trace in solr response when
> it throws an exception, like when a client sends a badly formed query string,
> or exception with status 500 It sends full stack trace in the response.
> I would propose a configuration for error messages so that the stack trace is
> not visible to avoid any sensitive information in the stack trace.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
