[ https://issues.apache.org/jira/browse/SOLR-14886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721804#comment-17721804 ]

Isabelle Giguere commented on SOLR-14886:
-----------------------------------------

Hi [~gerlowskija]

Thank you for your interest in this ticket.

I understand what you are saying, about Solr being an open source project, 
where everything is available to anyone...

However, because Solr is redistributed as part of some proprietary solutions, 
the code shown in the stack trace may actually be part of an "in-house" plugin. 
 I hope you understand that, depending on what such plugins do, and the 
information they are meant to deal with, they can't all be given to the 
community.

Should such plugins be coded well enough to avoid security gaps?  Well, yes.  
But, we are talking about HTTP 500 errors here.  The catch-all that nobody 
thought about.

In any case, I would remind you that the proposed solution is a configuration 
setting.  No change in Solr's behavior, by default.





> Suppress stack trace in Query response.
> ---------------------------------------
>
>                 Key: SOLR-14886
>                 URL: https://issues.apache.org/jira/browse/SOLR-14886
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 8.6.2
>            Reporter: Vrinda Davda
>            Priority: Minor
>         Attachments: SOLR-14886.patch, SOLR-14886.patch
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently there is no way to suppress the stack trace in solr response when 
> it throws an exception, like when a client sends a badly formed query string, 
> or exception with status 500. It sends full stack trace in the response. 
> I would propose a configuration for error messages so that the stack trace is 
> not visible to avoid any sensitive information in the stack trace.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
