From 7b313bb597a6d1f78773dc9c00f484c078a46c25 Mon Sep 17 00:00:00 2001 From: Uwe Schindler Date: Fri, 13 Oct 2017 13:48:18 +0200 Subject: [PATCH] SOLR-11482: RunExecutableListener was removed for security reasons --- solr/CHANGES.txt | 7 + .../solr/collection1/conf/solrconfig.xml | 25 --- .../solr/collection1/conf/solrconfig.xml | 18 --- .../uima/solr/collection1/conf/solrconfig.xml | 25 --- .../uima/uima-tokenizers-solrconfig.xml | 27 +--- .../solr/core/RunExecutableListener.java | 148 ------------------ .../conf/solrconfig-analytics-query.xml | 17 -- .../conf/solrconfig-collapseqparser.xml | 17 -- .../collection1/conf/solrconfig-elevate.xml | 17 -- .../conf/solrconfig-plugcollector.xml | 16 -- .../solr/collection1/conf/solrconfig.xml | 17 -- .../configsets/_default/conf/solrconfig.xml | 23 --- .../managed-schema | 25 --- .../solrconfig.xml | 69 -------- .../apache/solr/cloud/TestConfigSetsAPI.java | 12 -- .../example-DIH/solr/db/conf/solrconfig.xml | 23 --- .../example-DIH/solr/mail/conf/solrconfig.xml | 23 --- .../example-DIH/solr/solr/conf/solrconfig.xml | 23 --- solr/example/files/conf/solrconfig.xml | 23 --- .../configsets/_default/conf/solrconfig.xml | 23 --- .../conf/solrconfig.xml | 23 --- solr/solr-ref-guide/src/configsets-api.adoc | 1 - .../src/updatehandlers-in-solrconfig.adoc | 18 +-- 23 files changed, 10 insertions(+), 610 deletions(-) delete mode 100644 solr/core/src/java/org/apache/solr/core/RunExecutableListener.java delete mode 100644 solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/managed-schema delete mode 100644 solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/solrconfig.xml diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 9101440c703..28fea4e47b5 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -96,6 +96,10 @@ Upgrade Notes * SOLR-10962: in the ReplicationHandler the master.commitReserveDuration sub-element is deprecated. Instead please configure a direct commitReserveDuration element for use in all modes (master, slave, cloud). +* SOLR-11482: RunExecutableListener was removed for security reasons. If you want to listen to + events caused by updates, commits, or optimize, write your own listener as native Java class + as part of a Solr plugin. + New Features ---------------------- * SOLR-10339: New set-trigger and remove-trigger APIs for autoscaling. (shalin) @@ -368,6 +372,9 @@ Other Changes * SOLR-11306: Fix inaccurate comments on docValues and StrField in the example schemas (Tom Burton-West, Jason Gerlowski, Varun Thacker) +* SOLR-11482: RunExecutableListener was removed for security reasons. (Michael Stepankin, + Olga Barinova, Uwe Schindler, Tomás Fernández Löbbe) + ================== 7.0.1 ================== Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release. diff --git a/solr/contrib/clustering/src/test-files/clustering/solr/collection1/conf/solrconfig.xml b/solr/contrib/clustering/src/test-files/clustering/solr/collection1/conf/solrconfig.xml index 8d0f82e5bed..5ff42541ed4 100644 --- a/solr/contrib/clustering/src/test-files/clustering/solr/collection1/conf/solrconfig.xml +++ b/solr/contrib/clustering/src/test-files/clustering/solr/collection1/conf/solrconfig.xml @@ -63,31 +63,6 @@ --> - - - - diff --git a/solr/contrib/extraction/src/test-files/extraction/solr/collection1/conf/solrconfig.xml b/solr/contrib/extraction/src/test-files/extraction/solr/collection1/conf/solrconfig.xml index 4dbf0828a6a..faffeb82789 100644 --- a/solr/contrib/extraction/src/test-files/extraction/solr/collection1/conf/solrconfig.xml +++ b/solr/contrib/extraction/src/test-files/extraction/solr/collection1/conf/solrconfig.xml @@ -40,24 +40,6 @@ --> - - - - diff --git a/solr/contrib/uima/src/test-files/uima/solr/collection1/conf/solrconfig.xml b/solr/contrib/uima/src/test-files/uima/solr/collection1/conf/solrconfig.xml index 96392d3f9e0..776de398cad 100644 --- a/solr/contrib/uima/src/test-files/uima/solr/collection1/conf/solrconfig.xml +++ b/solr/contrib/uima/src/test-files/uima/solr/collection1/conf/solrconfig.xml @@ -101,31 +101,6 @@ --> - - - - - - - - - - - + - - - ${solr.ulog.dir:} diff --git a/solr/core/src/test-files/solr/collection1/conf/solrconfig-collapseqparser.xml b/solr/core/src/test-files/solr/collection1/conf/solrconfig-collapseqparser.xml index 65820e04022..1edaa865ab8 100644 --- a/solr/core/src/test-files/solr/collection1/conf/solrconfig-collapseqparser.xml +++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig-collapseqparser.xml @@ -62,23 +62,6 @@ --> - - - ${solr.ulog.dir:} diff --git a/solr/core/src/test-files/solr/collection1/conf/solrconfig-elevate.xml b/solr/core/src/test-files/solr/collection1/conf/solrconfig-elevate.xml index 083333cf6b5..1c8e10fd07b 100644 --- a/solr/core/src/test-files/solr/collection1/conf/solrconfig-elevate.xml +++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig-elevate.xml @@ -43,23 +43,6 @@ --> - - - diff --git a/solr/core/src/test-files/solr/collection1/conf/solrconfig-plugcollector.xml b/solr/core/src/test-files/solr/collection1/conf/solrconfig-plugcollector.xml index 431447ceb65..25071a51946 100644 --- a/solr/core/src/test-files/solr/collection1/conf/solrconfig-plugcollector.xml +++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig-plugcollector.xml @@ -60,22 +60,6 @@ 3600000 --> - - ${solr.ulog.dir:} diff --git a/solr/core/src/test-files/solr/collection1/conf/solrconfig.xml b/solr/core/src/test-files/solr/collection1/conf/solrconfig.xml index 6528abad706..3393f9f5ad8 100644 --- a/solr/core/src/test-files/solr/collection1/conf/solrconfig.xml +++ b/solr/core/src/test-files/solr/collection1/conf/solrconfig.xml @@ -73,23 +73,6 @@ 3600000 --> - - - ${solr.ulog.dir:} diff --git a/solr/core/src/test-files/solr/configsets/_default/conf/solrconfig.xml b/solr/core/src/test-files/solr/configsets/_default/conf/solrconfig.xml index 3b110820705..49f3a38e65d 100644 --- a/solr/core/src/test-files/solr/configsets/_default/conf/solrconfig.xml +++ b/solr/core/src/test-files/solr/configsets/_default/conf/solrconfig.xml @@ -331,29 +331,6 @@ postCommit - fired after every commit or optimize command postOptimize - fired after every optimize command --> - - - diff --git a/solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/managed-schema b/solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/managed-schema deleted file mode 100644 index 9e2f9471026..00000000000 --- a/solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/managed-schema +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - diff --git a/solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/solrconfig.xml b/solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/solrconfig.xml deleted file mode 100644 index 46838416c41..00000000000 --- a/solr/core/src/test-files/solr/configsets/upload/with-run-executable-listener/solrconfig.xml +++ /dev/null @@ -1,69 +0,0 @@ - - - - - - - - - ${solr.data.dir:} - - - - ${tests.luceneMatchVersion:LATEST} - - - - ${solr.commitwithin.softcommit:true} - - - - /var/opt/resin3/__PORT__/scripts/solr/snapshooter - /var/opt/resin3/__PORT__ - true - arg1 arg2 - MYVAR=val1 - - - - - - explicit - true - text - - - - - - - - - diff --git a/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java b/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java index d59b6eae2b1..374e27a0e1c 100644 --- a/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java +++ b/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java @@ -327,18 +327,6 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 { createCollection("newcollection", "regular" + suffix, 1, 1, solrCluster.getSolrClient()); } - @Test - public void testUploadWithRunExecutableListener() throws Exception { - String suffix = "-untrusted"; - uploadConfigSet("with-run-executable-listener", suffix, null, null); - // try to create a collection with the uploaded configset - CollectionAdminResponse resp = createCollection("newcollection3", "with-run-executable-listener" + suffix, 1, 1, solrCluster.getSolrClient()); - log.info("Client saw errors: "+resp.getErrorMessages()); - assertTrue(resp.getErrorMessages() != null && resp.getErrorMessages().size() > 0); - assertTrue(resp.getErrorMessages().getVal(0). - contains("The configset for this collection was uploaded without any authentication")); - } - @Test public void testUploadWithScriptUpdateProcessor() throws Exception { for (boolean withAuthorization: Arrays.asList(false, true)) { diff --git a/solr/example/example-DIH/solr/db/conf/solrconfig.xml b/solr/example/example-DIH/solr/db/conf/solrconfig.xml index 6b53a95d8c9..1ffbbe817f8 100644 --- a/solr/example/example-DIH/solr/db/conf/solrconfig.xml +++ b/solr/example/example-DIH/solr/db/conf/solrconfig.xml @@ -321,29 +321,6 @@ postCommit - fired after every commit or optimize command postOptimize - fired after every optimize command --> - - - diff --git a/solr/example/example-DIH/solr/mail/conf/solrconfig.xml b/solr/example/example-DIH/solr/mail/conf/solrconfig.xml index ba7f2e1c164..770b0fd870d 100644 --- a/solr/example/example-DIH/solr/mail/conf/solrconfig.xml +++ b/solr/example/example-DIH/solr/mail/conf/solrconfig.xml @@ -324,29 +324,6 @@ postCommit - fired after every commit or optimize command postOptimize - fired after every optimize command --> - - - diff --git a/solr/example/example-DIH/solr/solr/conf/solrconfig.xml b/solr/example/example-DIH/solr/solr/conf/solrconfig.xml index 745e57597d2..3f00141340f 100644 --- a/solr/example/example-DIH/solr/solr/conf/solrconfig.xml +++ b/solr/example/example-DIH/solr/solr/conf/solrconfig.xml @@ -321,29 +321,6 @@ postCommit - fired after every commit or optimize command postOptimize - fired after every optimize command --> - - - diff --git a/solr/example/files/conf/solrconfig.xml b/solr/example/files/conf/solrconfig.xml index 748bd0f221e..bca0df80286 100644 --- a/solr/example/files/conf/solrconfig.xml +++ b/solr/example/files/conf/solrconfig.xml @@ -322,29 +322,6 @@ postCommit - fired after every commit or optimize command postOptimize - fired after every optimize command --> - - - diff --git a/solr/server/solr/configsets/_default/conf/solrconfig.xml b/solr/server/solr/configsets/_default/conf/solrconfig.xml index 3b110820705..49f3a38e65d 100644 --- a/solr/server/solr/configsets/_default/conf/solrconfig.xml +++ b/solr/server/solr/configsets/_default/conf/solrconfig.xml @@ -331,29 +331,6 @@ postCommit - fired after every commit or optimize command postOptimize - fired after every optimize command --> - - - diff --git a/solr/server/solr/configsets/sample_techproducts_configs/conf/solrconfig.xml b/solr/server/solr/configsets/sample_techproducts_configs/conf/solrconfig.xml index 65750c24e0a..6fc1bd2ba6c 100644 --- a/solr/server/solr/configsets/sample_techproducts_configs/conf/solrconfig.xml +++ b/solr/server/solr/configsets/sample_techproducts_configs/conf/solrconfig.xml @@ -336,29 +336,6 @@ postCommit - fired after every commit or optimize command postOptimize - fired after every optimize command --> - - - diff --git a/solr/solr-ref-guide/src/configsets-api.adoc b/solr/solr-ref-guide/src/configsets-api.adoc index ee4f24cb5c1..ef67781e033 100644 --- a/solr/solr-ref-guide/src/configsets-api.adoc +++ b/solr/solr-ref-guide/src/configsets-api.adoc @@ -155,7 +155,6 @@ http://localhost:8983/solr/admin/configs?action=LIST Upload a ConfigSet, sent in as a zipped file. Please note that a ConfigSet is uploaded in a "trusted" mode if authentication is enabled and this upload operation is performed as an authenticated request. Without authentication, a ConfigSet is uploaded in an "untrusted" mode. Upon creation of a collection using an "untrusted" ConfigSet, the following functionality would not work: - * RunExecutableListener does not initialize, if specified in the ConfigSet. * DataImportHandler's ScriptTransformer does not initialize, if specified in the ConfigSet. * XSLT transformer (tr parameter) cannot be used at request processing time. * StatelessScriptUpdateProcessor does not initialize, if specified in the ConfigSet. diff --git a/solr/solr-ref-guide/src/updatehandlers-in-solrconfig.adoc b/solr/solr-ref-guide/src/updatehandlers-in-solrconfig.adoc index 1d0a5cf0b5f..082ccf988da 100644 --- a/solr/solr-ref-guide/src/updatehandlers-in-solrconfig.adoc +++ b/solr/solr-ref-guide/src/updatehandlers-in-solrconfig.adoc @@ -91,22 +91,8 @@ With this configuration, when you call `commitWithin` as part of your update mes The UpdateHandler section is also where update-related event listeners can be configured. These can be triggered to occur after any commit (`event="postCommit"`) or only after optimize commands (`event="postOptimize"`). -Users can write custom update event listener classes, but a common use case is to run external executables via the `RunExecutableListener`: - -`exe`:: -The name of the executable to run. It should include the path to the file, relative to Solr home. - -`dir`:: -The directory to use as the working directory. The default is the current directory ("."). - -`wait`:: -Forces the calling thread to wait until the executable returns a response. The default is `true`. - -`args`:: -Any arguments to pass to the program. The default is none. - -`env`:: -Any environment variables to set. The default is none. +Users can write custom update event listener classes in Solr plugins. As of Solr 7.1, +`RunExecutableListener` was removed for security reasons. == Transaction Log