Security Contact for Solr?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Security Contact for Solr?

Sven Blumenstein
Hi .*,

what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Security Contact for Solr?

Kevin Risden-3
From [1] If you believe you have discovered a vulnerability in Lucene or Solr, please follow these ASF guidelines [2] for reporting it.


Kevin Risden


On Thu, Mar 7, 2019 at 3:24 PM Sven Blumenstein <[hidden email]> wrote:
Hi .*,

what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Security Contact for Solr?

Christine Poerschke (BLOOMBERG/ LONDON)
In reply to this post by Sven Blumenstein
Thanks for your question Sven!

I wonder if/how we could make the two links Kevin shared more discoverable from the Solr website, something on the Community [3] page perhaps somehow?

[3] http://lucene.apache.org/solr/community.html

From: [hidden email] At: 03/07/19 20:29:18
To: [hidden email]
Subject: Re: Security Contact for Solr?

From [1] If you believe you have discovered a vulnerability in Lucene or Solr, please follow these ASF guidelines [2] for reporting it.


Kevin Risden


On Thu, Mar 7, 2019 at 3:24 PM Sven Blumenstein <[hidden email]> wrote:
Hi .*,

what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Security Contact for Solr?

Sven Blumenstein
In reply to this post by Kevin Risden-3
That was what I was looking for, I must have missed that page. Thank you!

On 7 Mar 2019, at 21:29, Kevin Risden <[hidden email]> wrote:

From [1] If you believe you have discovered a vulnerability in Lucene or Solr, please follow these ASF guidelines [2] for reporting it.


Kevin Risden


On Thu, Mar 7, 2019 at 3:24 PM Sven Blumenstein <[hidden email]> wrote:
Hi .*,

what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Security Contact for Solr?

Martin Gainty
In reply to this post by Sven Blumenstein
svan-

BECAUSE solr can deploy to n number of containers
Jetty/Tomcat/Docker/Websphere/Weblogic (i'm certain i have  omitted a few implementation containers)
Implementing comprehensive PKI Infrastructure is heavily dependent on the container solr is deployed to

i have  a few spare cycles to help out if need be

martin-


From: [hidden email] <[hidden email]> on behalf of Sven Blumenstein <[hidden email]>
Sent: Thursday, March 7, 2019 3:24 PM
To: [hidden email]
Subject: Security Contact for Solr?
 
Hi .*,

what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Security Contact for Solr?

Ishan Chattopadhyaya
Please send your security reports here ^


On Fri, Mar 8, 2019 at 7:37 AM Martin Gainty <[hidden email]> wrote:
svan-

BECAUSE solr can deploy to n number of containers
Jetty/Tomcat/Docker/Websphere/Weblogic (i'm certain i have  omitted a few implementation containers)
Implementing comprehensive PKI Infrastructure is heavily dependent on the container solr is deployed to

i have  a few spare cycles to help out if need be

martin-


From: [hidden email] <[hidden email]> on behalf of Sven Blumenstein <[hidden email]>
Sent: Thursday, March 7, 2019 3:24 PM
To: [hidden email]
Subject: Security Contact for Solr?
 
Hi .*,

what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Security Contact for Solr?

Gus Heck
In reply to this post by Martin Gainty
The only supported j2ee container for recent versions is the bundled jetty. 

On Thu, Mar 7, 2019, 9:08 PM Martin Gainty <[hidden email]> wrote:
svan-

BECAUSE solr can deploy to n number of containers
Jetty/Tomcat/Docker/Websphere/Weblogic (i'm certain i have  omitted a few implementation containers)
Implementing comprehensive PKI Infrastructure is heavily dependent on the container solr is deployed to

i have  a few spare cycles to help out if need be

martin-


From: [hidden email] <[hidden email]> on behalf of Sven Blumenstein <[hidden email]>
Sent: Thursday, March 7, 2019 3:24 PM
To: [hidden email]
Subject: Security Contact for Solr?
 
Hi .*,

what is the proper contact for reporting security vulnerabilities in Solr? Do you have a security@ address or a non-public mailing list/bug component? Unfortunately I could not find any information in that regard on the Solr website, hence my reach out to this mailing list.

Thanks!


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]