lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mayers, Josh" <jmay...@mitre.org>
Subject RE: Vulnerability found in SOLR
Date Wed, 16 Apr 2014 19:48:28 GMT
Thank you both, Gentlemen – I’ve reported to security@apache.org

 

Thanks

Josh

 

From: Shalin Shekhar Mangar [mailto:shalinmangar@gmail.com] 
Sent: Wednesday, April 16, 2014 2:44 PM
To: dev@lucene.apache.org
Cc: Mayers, Josh
Subject: Re: Vulnerability found in SOLR

 

It's best to report vulnerabilities to the private security@apache.org email.

 

See https://www.apache.org/security/

 

On Thu, Apr 17, 2014 at 12:07 AM, Per Steffensen <steff@designware.dk> wrote:

Hi

I am not a member of the Solr core - committers etc. I have just provided some patches around
security for Solr. None of the security work I have done introduces or removes XSS vulnerabilities.
If you have found an issue I suggest you start by write about it at one of the mailing lists
dev@lucene.apache.org or solr-user@lucene.apache.org. Later (or maybe already now, if you
are sure this is a real issue) you should create a JIRA issue at https://issues.apache.org/jira/browse/SOLR.
You need to be on the mailing lists in order to be able to send a mail to them, but just go
ahead and subscribe. You need to create a user-account in JIRA in order to be able to create
an issue, but just go ahead and do that.

Regards, Per Steffensen

On 15/04/14 20:05, Mayers, Josh wrote:

Per –

 

I’ve found an XSS vulnerability in Solr, and am looking for the right person to discuss
it with and get it resolved. I found your name and email address on the Solr Security web
page (https://wiki.apache.org/solr/SolrSecurity) .. can you point me in the right direction?

 

Thanks

Josh

 

Josh Mayers

Senior Information Assurance Engineer

The MITRE Corporation

202 Burlington Road MS M300, Bedford MA 01730-1420

.

 

 





 

-- 
Regards,
Shalin Shekhar Mangar. 


Mime
View raw message