> For example, I opened some patches to improve solr's security because its
currently an RCE-fest. I'm gonna wait a couple days, if nobody says
anything about these patches I opened for Solr, I'm gonna fucking commit
them: someone needs to address this stuff. Why should I wait weeks/months
for some explicit review? There is repeated RCE happening, how the hell
could I make anything worse?
+1 Robert, totally agree. RCE etc should be absolutely top priority. Thanks
a ton for tackling this. Breaking functionality (not deliberately of
course) is better than having RCEs in a release. IOW, it can't get worse.
On Mon, 2 Dec, 2019, 3:03 PM Robert Muir, <[EMAIL PROTECTED]> wrote: