[
https://issues.apache.org/jira/browse/SOLR-16155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry Chung updated SOLR-16155:
-------------------------------
Description:
org.apache.solr.update.DocumentBuilder throws exceptions with field values on
errors, which could reveal customer's sensitive data on log files and UI.
Field values shouldn't be included in the error messages.
The latest code still logging document content from JavabinLoader on error:
[https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/handler/loader/JavabinLoader.java#L127]
was:
org.apache.solr.update.DocumentBuilder throws exceptions with field values on
errors, which could reveal customer's sensitive data on log files and UI.
Field values shouldn't be included in the error messages.
> DocumentBuilder should not include field values in error messages
> -----------------------------------------------------------------
>
> Key: SOLR-16155
> URL: https://issues.apache.org/jira/browse/SOLR-16155
> Project: Solr
> Issue Type: Bug
> Components: logging
> Affects Versions: 8.11.1, 9.6.1
> Reporter: Jerry Chung
> Assignee: Jan Høydahl
> Priority: Critical
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> org.apache.solr.update.DocumentBuilder throws exceptions with field values on
> errors, which could reveal customer's sensitive data on log files and UI.
> Field values shouldn't be included in the error messages.
>
> The latest code still logging document content from JavabinLoader on error:
> [https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/handler/loader/JavabinLoader.java#L127]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
