mirror of https://github.com/apache/lucene.git
e77027dd8c
The solr permissions are weak sauce due to the huge number of features, third-party dependencies, etc. Hence they have access to do many things. For "scripting" such as velocity we have to look at a more aggressive stance: Step 1: Can we wrap a sandbox around the whole goddamn thing and call it a day? Step 2: Let's separate the "engine" from "untrusted code" and only be an asshole to the latter. Step 3: Java's security is shit, Lets contain that classloader and whitelist access. |
||
|---|---|---|
| .. | ||
| analysis-extras | ||
| analytics | ||
| clustering | ||
| dataimporthandler | ||
| dataimporthandler-extras | ||
| extraction | ||
| jaegertracer-configurator | ||
| langid | ||
| ltr | ||
| prometheus-exporter | ||
| velocity | ||
| contrib-build.xml | ||