Commit a4f34c99 authored by Demian Katz's avatar Demian Katz

Workarounds for CVE-2017-12629.

- Thanks to Jason Cooper for the patch.
parent ec80c41d
...@@ -80,7 +80,7 @@ if not "!%SOLR_PORT%!"=="!!" goto solrportset ...@@ -80,7 +80,7 @@ if not "!%SOLR_PORT%!"=="!!" goto solrportset
set SOLR_PORT=8080 set SOLR_PORT=8080
:solrportset :solrportset
call %SOLR_BIN%\solr.cmd %1 %SOLR_ADDITIONAL_START_OPTIONS% -p %SOLR_PORT% -s %SOLR_HOME% -m %SOLR_HEAP% -a "-Dsolr.log=%SOLR_LOGS_DIR% %SOLR_ADDITIONAL_JVM_OPTIONS%" call %SOLR_BIN%\solr.cmd %1 %SOLR_ADDITIONAL_START_OPTIONS% -p %SOLR_PORT% -s %SOLR_HOME% -m %SOLR_HEAP% -a "-Ddisable.configEdit=true -Dsolr.log=%SOLR_LOGS_DIR% %SOLR_ADDITIONAL_JVM_OPTIONS%"
goto end goto end
:usage :usage
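Review bot: In the new `call %SOLR_BIN%\solr.cmd` line, `-Ddisable.configEdit=true` sits ahead of `%SOLR_ADDITIONAL_JVM_OPTIONS%` inside the `-a` string, so a site-supplied `-Ddisable.configEdit=false` in that variable would come later on the JVM command line and would likely take precedence, silently undoing the workaround. Putting the fixed flag last, `-a "-Dsolr.log=%SOLR_LOGS_DIR% %SOLR_ADDITIONAL_JVM_OPTIONS% -Ddisable.configEdit=true"`, keeps the mitigation from being overridden by local configuration. The same ordering applies to the `"$SOLR_BIN/solr"` line in the shell launcher hunk that follows. The script continues outside the hunk on both sides.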
......
...@@ -81,4 +81,4 @@ then ...@@ -81,4 +81,4 @@ then
fi fi
export SOLR_LOGS_DIR=$SOLR_LOGS_DIR export SOLR_LOGS_DIR=$SOLR_LOGS_DIR
"$SOLR_BIN/solr" "$1" ${SOLR_ADDITIONAL_START_OPTIONS} -p "$SOLR_PORT" -s "$SOLR_HOME" -m "$SOLR_HEAP" -a "-Dsolr.log=$SOLR_LOGS_DIR $SOLR_ADDITIONAL_JVM_OPTIONS" "$SOLR_BIN/solr" "$1" ${SOLR_ADDITIONAL_START_OPTIONS} -p "$SOLR_PORT" -s "$SOLR_HOME" -m "$SOLR_HEAP" -a "-Ddisable.configEdit=true -Dsolr.log=$SOLR_LOGS_DIR $SOLR_ADDITIONAL_JVM_OPTIONS"
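Review bot: The `"$SOLR_BIN/solr"` line now hard-codes `-Ddisable.configEdit=true` with no comment saying why, whereas the XML configuration hunks in this commit at least name the CVE. A line above it such as `# CVE-2017-12629 workaround: disables Solr Config API edits; keep until Solr is upgraded to a fixed release` would stop the flag being dropped in a later cleanup and would tell operators why Config API changes are now rejected. The batch launcher's `call %SOLR_BIN%\solr.cmd` line would benefit from the equivalent `rem` comment. Only the tail of the script is visible here; the `then`/`fi` above belongs to code outside the hunk.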
...@@ -550,7 +550,10 @@ ...@@ -550,7 +550,10 @@
<queryResponseWriter name="xslt" class="org.apache.solr.response.XSLTResponseWriter"> <queryResponseWriter name="xslt" class="org.apache.solr.response.XSLTResponseWriter">
<int name="xsltCacheLifetimeSeconds">5</int> <int name="xsltCacheLifetimeSeconds">5</int>
</queryResponseWriter> </queryResponseWriter>
<!-- Mitigate CVE-2017-12629 -->
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin"/>
<!-- config for the admin interface --> <!-- config for the admin interface -->
<admin> <admin>
<defaultQuery>shakespeare</defaultQuery> <defaultQuery>shakespeare</defaultQuery>
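Review bot: The comment `<!-- Mitigate CVE-2017-12629 -->` does not say that the `<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin"/>` line deliberately re-registers the `xmlparser` name to the edismax plugin so that the built-in XML query parser is no longer reachable under it; read cold, the entry looks like a mistake and invites removal. Suggest `<!-- CVE-2017-12629: shadow the built-in "xmlparser" with edismax so request-supplied XML is never parsed; do not remove until Solr is upgraded -->`. The identical addition appears in the three following configuration hunks and the same comment applies there. Any core whose configuration is not among the four files changed here would presumably keep the default parser and need the same entry.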
......
...@@ -707,6 +707,9 @@ ...@@ -707,6 +707,9 @@
<int name="xsltCacheLifetimeSeconds">5</int> <int name="xsltCacheLifetimeSeconds">5</int>
</queryResponseWriter> </queryResponseWriter>
<!-- Mitigate CVE-2017-12629 -->
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin"/>
<!-- config for the admin interface --> <!-- config for the admin interface -->
<admin> <admin>
<defaultQuery>shakespeare</defaultQuery> <defaultQuery>shakespeare</defaultQuery>
......
...@@ -555,6 +555,9 @@ ...@@ -555,6 +555,9 @@
<int name="xsltCacheLifetimeSeconds">5</int> <int name="xsltCacheLifetimeSeconds">5</int>
</queryResponseWriter> </queryResponseWriter>
<!-- Mitigate CVE-2017-12629 -->
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin"/>
<!-- config for the admin interface --> <!-- config for the admin interface -->
<admin> <admin>
<defaultQuery>shakespeare</defaultQuery> <defaultQuery>shakespeare</defaultQuery>
......
...@@ -644,6 +644,9 @@ ...@@ -644,6 +644,9 @@
<int name="xsltCacheLifetimeSeconds">5</int> <int name="xsltCacheLifetimeSeconds">5</int>
</queryResponseWriter> </queryResponseWriter>
<!-- Mitigate CVE-2017-12629 -->
<queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin"/>
<!-- config for the admin interface --> <!-- config for the admin interface -->
<admin> <admin>
<defaultQuery>shakespeare</defaultQuery> <defaultQuery>shakespeare</defaultQuery>
......