AnsweredAssumed Answered

Webinspect scan corrupts lucene indexes

Question asked by chicks on Jun 3, 2009
Latest reply on Jun 5, 2009 by mikeh
We're moving Alfresco Labs 3.0Final to QC.  Security folks scanned with Webinspect.  After backup last night, Alfresco didn't start, complaining about invalid protocol in lucene index tree.  Sure enough, there are multiple nonsense directories under lucene-indexes and backup-lucene-indexes, like "http" and many with garbage characters.  Somehow, Alfresco, possibly in one or more of the sample web scripts, allowed the scan to create bogus directories in the lucene index trees.  Instead of simply ignoring these, Alfresco refuses to start up.

We had to drop the indexes and rebuild them on startup, an unacceptable process.  We'll try deleting the sample web scripts, hoping that this will prevent the issue.  However, it's obviously an oversight on the part of Alfresco's QC - surely they have run security scans on Alfresco, hard to believe this issue hasn't cropped up before.

Thanks for any insight into resolving this MAJOR issue.

Outcomes