lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mayers, Josh" <>
Subject RE: Vulnerability found in SOLR
Date Wed, 16 Apr 2014 19:48:28 GMT
Thank you both, Gentlemen – I’ve reported to





From: Shalin Shekhar Mangar [] 
Sent: Wednesday, April 16, 2014 2:44 PM
Cc: Mayers, Josh
Subject: Re: Vulnerability found in SOLR


It's best to report vulnerabilities to the private email.




On Thu, Apr 17, 2014 at 12:07 AM, Per Steffensen <> wrote:


I am not a member of the Solr core - committers etc. I have just provided some patches around
security for Solr. None of the security work I have done introduces or removes XSS vulnerabilities.
If you have found an issue I suggest you start by write about it at one of the mailing lists or Later (or maybe already now, if you
are sure this is a real issue) you should create a JIRA issue at
You need to be on the mailing lists in order to be able to send a mail to them, but just go
ahead and subscribe. You need to create a user-account in JIRA in order to be able to create
an issue, but just go ahead and do that.

Regards, Per Steffensen

On 15/04/14 20:05, Mayers, Josh wrote:

Per –


I’ve found an XSS vulnerability in Solr, and am looking for the right person to discuss
it with and get it resolved. I found your name and email address on the Solr Security web
page ( .. can you point me in the right direction?





Josh Mayers

Senior Information Assurance Engineer

The MITRE Corporation

202 Burlington Road MS M300, Bedford MA 01730-1420





Shalin Shekhar Mangar. 

View raw message