gerlowskija commented on PR #2875: URL: https://github.com/apache/solr/pull/2875#issuecomment-2517757987
Alright - merged! Thanks all for the reviews! We'll still need to decide whether to remove the last remnants of the "trusted" configset code, which this PR mostly leaves in tact since several components (e.g. ScriptUpdateProcessorFactory, XSLTUpdateRequestHandler) still rely on this distinction even with the `<lib>` code removed. My vote would be to tear it out. All the places it's still used require the toggling of a module at startup (`SOLR_MODULES=scripting`), and I'm not sure that "trusted"-ness adds any value on top of that. Particularly given how many gaps have been found over time in the "trusted-config" code. But I'll make that case in its own JIRA ticket and we can discuss there... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
