[SOLR-16781] Remove <lib> directives from Solr - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: main (10.0), 9.8
Component/s: None
Labels:
- pull-request-available

Description

<lib> directives in solrconfig.xml used to be recommended way for including additional jar files to the classpath for a particular collection or collections.

For context: This feature required complex handling of "trusted" vs "non-trusted" configsets in configset upload API to keep Solr secure (i.e. to stop RCE attacks for non-authentication enabled deployments). This security feature also broke down recently due to a bug in Schema designer (~~SOLR-16777~~).

Supported alternatives exist that are safer:

user can add the jar files to Solr's classpath
use packages to use custom jars per collection

In the light of these, there's no need to continue to support the <lib> directive going forward.

I propose to remove the <lib> directives handling and functionality through this issue.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-16781.patch
06/Nov/23 12:39
4 kB
Ishan Chattopadhyaya
SOLR-16781-1.patch
06/Nov/23 12:44
4 kB
Ishan Chattopadhyaya
SOLR-16781-2.patch
06/Nov/23 17:50
10 kB
Ishan Chattopadhyaya

Issue Links

duplicates

SOLR-6681 remove <lib> configurations from solrconfig.xml and eliminate per core class loading

Open

links to

GitHub Pull Request #2875

GitHub Pull Request #2894

GitHub Pull Request #2897

Activity

People

Assignee:: Jason Gerlowski

Reporter:: Ishan Chattopadhyaya

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 02/May/23 00:57

Updated:: 28/Jan/25 22:17

Resolved:: 04/Dec/24 16:18

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 40m