Apache
/
lucene
mirror of https://github.com/apache/lucene.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
32,800 Commits 29 Branches 469 Tags 611 MiB
Commit Graph

32800 Commits

Author SHA1 Message Date
Mike 155ab116a2
Revert "SOLR-13990: Switch out woodstox-core-asl with aalto-xml and upgrade woodstox stax-2 API (#1050)" (#1063) 
This reverts commit 2387bb9d60.
 2019-12-06 17:08:40 -06:00
Jason Gerlowski 62e0222aef SOLR-13087: Remove 'whoami' usage in bin/solr 
whoami displays a warning if the effective-uid is not in /etc/password.
This can happen in certain situations when running in a docker
container.  This replaces the 'whoami' usage with a safer check.
 2019-12-06 15:31:37 -05:00
Dawid Weiss 519ed997da Enable solr testing with solr security manager. 2019-12-06 19:25:57 +01:00
Dawid Weiss 37263176cb Enable security manager for the replicator module. The test policy for the replicator duplicates everything the regular policy has and just adds those nasty jetty-specific sections. Easier to diff/ spot the difference. 2019-12-06 19:04:07 +01:00
Dawid Weiss 0d18581225 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-06 19:02:26 +01:00
Dawid Weiss a7444f7af4 LUCENE-9077: Add support for running under gradle test runner. 2019-12-06 19:00:50 +01:00
Erick Erickson 106b9d6866 SOLR-13988: Harden CreateCollectionCleanupTest 2019-12-06 11:59:53 -05:00
Dawid Weiss 3e4d8a17ac Initial support for running with security manager (lucene). 2019-12-06 17:08:14 +01:00
Dawid Weiss daa0779ff4 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-06 16:32:15 +01:00
Dawid Weiss 9ec8a86d69 LUCENE-9077: Add support for running under gradle test runner. 2019-12-06 16:31:32 +01:00
Kevin Risden dad933b933
SOLR-14001: fix HdfsBackupRepositoryTest on windows 
Signed-off-by: Kevin Risden <krisden@apache.org>
 2019-12-06 09:49:13 -05:00
Dawid Weiss de8a37ee72 Adding woodstox temporarily so that tests pass. 2019-12-06 13:37:48 +01:00
Dawid Weiss 226f5490a0 Correct lucene version passed to tests to be stripped of qualifiers. 2019-12-06 13:05:10 +01:00
Dawid Weiss 8e81037180 Merging with master, updating deps. 2019-12-06 12:16:07 +01:00
Dawid Weiss f371df327f Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-06 11:57:29 +01:00
Dawid Weiss cd7fd6d750 Clean up test property passing and move a number of properties and randomizations from common.build (ant counterpart) 2019-12-06 11:55:53 +01:00
Jan Høydahl 7417fa1cf3
SOLR-13954: Embedded ZooKeeper in Solr now does not try to load JettyAdminServer (#1059) 2019-12-06 11:03:23 +01:00
Robert Muir 33ca971d2b SOLR-14020: move hadoop hacks out of lucene TestSecurityManager into a solr one 2019-12-05 14:53:23 -05:00
Andrzej Bialecki d2b01ef28f SOLR-13831: Context property _loop_iter_ should be a string in order to support 
variable expansion.
 2019-12-05 18:27:12 +01:00
Anshum Gupta 2387bb9d60
SOLR-13990: Switch out woodstox-core-asl with aalto-xml and upgrade woodstox stax-2 API (#1050) 2019-12-05 18:37:53 +05:30
Dawid Weiss 62a810cda7 Fail the build if --tests filter is applied and no tests execute during the entire build (this allows for an empty set of filtered tests at single project level). 2019-12-05 13:23:43 +01:00
Dawid Weiss 1a24ccb4ee Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-05 11:17:34 +01:00
Dawid Weiss bf7d115414 Generate hardware-specific defaults for gradle parallelism on the first build run (any task). Add some explanations on how to tweak local settings even further (gradlew :helpLocalSettings 2019-12-05 11:14:09 +01:00
Robert Muir e77027dd8c SOLR-13993: sandbox velocity template render (if security manager is enabled) 
The solr permissions are weak sauce due to the huge number of features, third-party dependencies, etc.

Hence they have access to do many things. For "scripting" such as velocity we have to look at a more aggressive stance:

Step 1: Can we wrap a sandbox around the whole goddamn thing and call it a day?
Step 2: Let's separate the "engine" from "untrusted code" and only be an asshole to the latter.
Step 3: Java's security is shit, Lets contain that classloader and whitelist access.
 2019-12-05 01:06:38 -05:00
Munendra S N 12e8cca644 SOLR-11706: add support for aggregation on multivalued fields 
* min, max, sum, sumsq, avg, stddev, variance, percentile aggregations
  in JSON facets now supports multivalued fields
 2019-12-05 10:48:22 +05:30
Robert Muir c4126ef858 SOLR-14015: remove blanket filesystem read access from solr-tests.policy 
Restrict this to only minimal paths like lucene. It is the defense for directory traversal attacks.
It will also help find bad bugs where things are reading filesystem in the wrong locations.
 2019-12-04 23:16:19 -05:00
Andrzej Bialecki f71c2c8e92 SOLR-13981: Remove unused DistributedQueue interface. (Andras Salamon) 2019-12-04 11:23:49 +01:00
Ishan Chattopadhyaya 2096b1a52e Add back-compat indices for 8.3.1 2019-12-04 10:17:27 +05:30
Ishan Chattopadhyaya 98c427f48a Add bugfix version 8.3.1 2019-12-04 10:07:08 +05:30
Ishan Chattopadhyaya 3ee7a960b8 DOAP changes for release 8.3.1 2019-12-04 09:59:12 +05:30
Robert Muir 8f6921d47b SOLR-14001: fix HDFS jaas on 32bit, unix, old jdk, etc 2019-12-03 23:12:27 -05:00
Robert Muir becc16fb28 SOLR-14002: fix another static leak in test 2019-12-03 22:43:11 -05:00
Robert Muir 165529767b SOLR-14000: clean up more static field leaks in tests 
On windows, these objects can't be inspected due to security restrictions. So the test runner fails the tests since it does not know how big the leak is.
 2019-12-03 18:51:00 -05:00
Jeff 16f793915e SOLR-13926: javadocs on CompositeIdRouter 
Closes #1009
 2019-12-03 17:43:01 -05:00
Dawid Weiss 64e1499bc7 Add verification check that gradle and ant rules are in sync. 2019-12-03 23:08:57 +01:00
Anshum Gupta 09df6647ac
SOLR-13998: Add thread safety annotations to classes (#1053) 2019-12-04 01:19:56 +05:30
Dawid Weiss 7c26c6de02 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-03 18:45:12 +01:00
Dawid Weiss 85e0e4fb75 Add a workaround for the problem of forbiddenApis not running upon changing just the rules/ rulesets. 2019-12-03 18:41:11 +01:00
David Smiley 323b214dc3 GitHub PR template: inform committers this can be removed 2019-12-03 12:23:30 -05:00
Dawid Weiss b451f7a79c Explicitly assign 1g to the build process. 2019-12-03 15:27:56 +01:00
Dawid Weiss 0247f02a70 Only apply log4j rules to Solr. 2019-12-03 15:18:10 +01:00
Dawid Weiss a6d6d633d5 Apply servlet APIs to just Solr. 2019-12-03 14:43:50 +01:00
Dawid Weiss 6461909129 Port forbidden APIs. See gradlew :helpForbiddenApis to see how rules are applied automatically based on the set of dependencies of a project. 2019-12-03 14:40:35 +01:00
Dawid Weiss 49bab132b1 Applying two forbidden api check violations (applied to master). 2019-12-03 14:26:02 +01:00
Dawid Weiss 0f61aa9516 Forbidden APIs: add missing root locale. 2019-12-03 13:07:23 +01:00
Dawid Weiss 6f0842eaa5 Use toLowerCase with an explicit locale in CheckLinksAndAnchors. 2019-12-03 13:01:43 +01:00
Robert Muir 9e5d11be8a fix static leaks, null stuff out in afterclass 2019-12-03 06:28:19 -05:00
Robert Muir c8c9c10023 SOLR-13982: set security-related http response headers by default 
Unfortunately, as a first start this is very weak protection against
e.g. XSS.  This is because some 'unsafe-xxx' rules must be present due
to the insecurity of angular JS: Until SOLR-13987 is fixed, XSS & co are
still easy.
 2019-12-03 06:12:33 -05:00
Dawid Weiss 0d7336db9d Moved gradle fragments under ci/ and maven/ for clarity. 2019-12-03 12:10:13 +01:00
Adrien Grand 441abb8319 Fix CHANGES formatting. 2019-12-03 11:28:36 +01:00