Security release Lucene/Solr 6.6.3

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Security release Lucene/Solr 6.6.3

Joel Bernstein
I wanted to see if anyone objects to a 6.6.3 release which has the commits from the following jira:


The issue is that currently in the 6x releases you can only store the SSL keystore and truststore passwords in plain text on disk. I believe this is a serious enough security issue to warrant a bug fix release.

I can do the back ports and volunteer to release manage. 


Reply | Threaded
Open this post in threaded view
|

Re: Security release Lucene/Solr 6.6.3

Ishan Chattopadhyaya
+1

On Thu, Jan 4, 2018 at 12:02 AM, Joel Bernstein <[hidden email]> wrote:
I wanted to see if anyone objects to a 6.6.3 release which has the commits from the following jira:


The issue is that currently in the 6x releases you can only store the SSL keystore and truststore passwords in plain text on disk. I believe this is a serious enough security issue to warrant a bug fix release.

I can do the back ports and volunteer to release manage. 



Reply | Threaded
Open this post in threaded view
|

Re: Security release Lucene/Solr 6.6.3

Anshum Gupta-3
In reply to this post by Joel Bernstein
+1!

-Anshum



On Jan 3, 2018, at 10:32 AM, Joel Bernstein <[hidden email]> wrote:

I wanted to see if anyone objects to a 6.6.3 release which has the commits from the following jira:


The issue is that currently in the 6x releases you can only store the SSL keystore and truststore passwords in plain text on disk. I believe this is a serious enough security issue to warrant a bug fix release.

I can do the back ports and volunteer to release manage. 




signature.asc (891 bytes) Download Attachment