From 30069e13f56b5f7836eb86cf8a69d2ff963a489e Mon Sep 17 00:00:00 2001
From: Robert Muir <rmuir@apache.org>
Date: Tue, 24 Dec 2019 06:41:14 -0800
Subject: [PATCH] SOLR-13984: docs, changes.txt

---
 solr/CHANGES.txt                           | 3 +++
 solr/solr-ref-guide/src/securing-solr.adoc | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 8b5989d7fe2..36b626dba17 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -90,6 +90,9 @@ Improvements
   SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
   Solr based on IP addresses/networks. (rmuir)
 
+* SOLR-13984: Java's SecurityManager sandbox can be enabled via environment variable,
+  SOLR_SECURITY_MANAGER_ENABLED=true. (rmuir)
+
 Optimizations
 ---------------------
 (No changes)
diff --git a/solr/solr-ref-guide/src/securing-solr.adoc b/solr/solr-ref-guide/src/securing-solr.adoc
index b2d87037094..976a6b81348 100644
--- a/solr/solr-ref-guide/src/securing-solr.adoc
+++ b/solr/solr-ref-guide/src/securing-solr.adoc
@@ -62,3 +62,7 @@ Audit logging will record an audit trail of incoming reqests to your cluster, su
 
 ZooKeeper is a central and important part of a SolrCloud cluster and understanding how to secure
 its content is covered in the <<zookeeper-access-control.adoc#zookeeper-access-control,ZooKeeper Access Control>> page.
+
+== Enable Security Manager
+
+Solr can run in a Java Security Manager sandbox by setting `SOLR_SECURITY_MANAGER_ENABLED=true` via environment variable or in `solr.in.sh`/`solr.in.cmd`. This feature is incompatible with Hadoop.