HoustonPutman commented on code in PR #4193:
URL: https://github.com/apache/solr/pull/4193#discussion_r2962137982
##########
solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/ZkMaintenanceUtils.java:
##########
@@ -443,13 +433,9 @@ public static void downloadFromZK(SolrZkClient zkClient,
String zkPath, Path fil
if (children.size() == 0) {
// If we didn't copy data down, then we also didn't create the file.
But we still need a
// marker on the local disk so create an empty file.
- if (isFileForbiddenInConfigSets(zkPath)) {
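Review bot: with the `isFileForbiddenInConfigSets(zkPath)` guard removed from the `children.size() == 0` branch of `downloadFromZK`, nothing in the visible lines filters forbidden file types on this path any more, so an entry of that kind already stored in ZooKeeper would no longer be stopped here. If rejection is meant to happen only at upload time, state that in the comment above this branch or in the method's Javadoc, and record the behaviour change for operators whose ZooKeeper data may predate the upload-side check.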
Review Comment:
Ahhh ok, so I remember why I protected this as well. Back then, we would
have been worried that attackers could have already uploaded malicious
configSets via the API before this fix was made. So checking the zk downloads
made it so that upgrading Solr would protect you even if you had already been
"compromised". Since this would only be affecting Solr 10, I think the risk
vector is much lower. So I'm totally okay removing the check from downloads
from ZK.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.