[
https://issues.apache.org/jira/browse/SOLR-16155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl reassigned SOLR-16155:
----------------------------------
Assignee: (was: Jan Høydahl)
> DocumentBuilder should not include field values in error messages
> -----------------------------------------------------------------
>
> Key: SOLR-16155
> URL: https://issues.apache.org/jira/browse/SOLR-16155
> Project: Solr
> Issue Type: Bug
> Components: logging
> Affects Versions: 8.11.1, 9.6.1
> Reporter: Jerry Chung
> Priority: Critical
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> org.apache.solr.update.DocumentBuilder throws exceptions with field values on
> errors, which could reveal customer's sensitive data on log files and UI.
> Field values shouldn't be included in the error messages.
>
> The latest code still logging document content from JavabinLoader on error:
> [https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/handler/loader/JavabinLoader.java#L127]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
