Download org.apache.solr

This would result in incorrect authorization resolution on the receiving hosts. Fix for a SolrJ backwards compatibility issue when upgrading the server to 8. Users are encouraged to use 8. Solr has been a Lucene sub-project since its incubation in , governed by the Lucene PMC, and has since the 3. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL.

Solr is enterprise grade, secure and highly scalable, providing fault-tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites. Reducing overseer bottlenecks using per-replica states: more stability and less load on large clusters that use this feature, plus better restart and collection-creation performance. Each of these takes a location parameter, which was not validated, i. Solr 8. This release contains no change over 8.

The release is available for immediate download at: A user-defined configset could contain renderable, potentially malicious, templates. Parameter-provided templates are disabled by default, but can be enabled by setting params.

Defining a response writer requires Config API access. Mitigation: Ensure your network settings are configured so that only trusted traffic reaches Solr, especially the configuration APIs. Description: The 8. If you use the default solr.

If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server. The vulnerability is already public [1], and mitigation steps were announced on the project mailing lists and news page [3] on August 14th, without mentioning RCE at that time.

Mitigation: Make sure your effective solr. Note that the effective solr. You can then validate that the 'com. Remember to follow the Solr documentation's advice never to expose Solr nodes directly in a hostile network environment. Description: Solr versions prior to 5. Description: The DataImportHandler, an optional but popular module for pulling in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter.

Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document e. This leads to wasted resources on both sides and long GC pauses.

Nested documents (also known as child documents or block join) are significantly improved. Most improvements come from storing and leveraging more information about the relationships in the index, such as the named relationship between a child and its parent. This information is used by the [child] doc transformer to return children in nested form instead of flat. There is plenty more that can be done with this in the future. Another key improvement is that nested documents can be deleted or replaced in a natural way without orphaning child documents, although care is still needed with delete-by-query.

Being a major release, Solr 8 removes many deprecated APIs and changes various parameter defaults and behaviors. Some changes may require a re-index of your content. You are thus encouraged to thoroughly read the "Upgrade Notes" at:

By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. Solr 7. Bugfix: Autoscaling-based replica placement was broken out of the box. For these reasons, this issue reverts the default replica placement policy to the 'legacy' assignment policy that was the default until Solr 7.

Description: The "shards" parameter does not have a corresponding whitelist mechanism, so it can be pointed at any URL. Mitigation: Upgrade to Apache Solr 7. Furthermore, this release includes Apache Lucene 7. Description: The details of this vulnerability were reported to the Apache Security mailing list. See [1] for more details. Mitigation: Users are advised to upgrade to either Solr 6. Once the upgrade is complete, no other steps are required. Those releases disable external entities in anonymous XML files passed through this request parameter.

If users are unable to upgrade to Solr 6. Alternatively, if Solr instances are only used locally without access to the public internet, the vulnerability cannot be used directly, so it may not be required to update; instead, reverse proxies or Solr client applications should be guarded so that end users cannot inject dataConfig request parameters.
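As an added example of the proxy-side guard suggested above (this is illustration code, not part of the Solr project or of the advisory), the function below refuses any request that names a "dataConfig" parameter, whether it arrives in the query string or in a form-encoded body. The collection name, handler path and sample requests are constructed for the example.

```python
"""Reject requests that try to inject a DataImportHandler "dataConfig" parameter.

Added example for the mitigation above (not Solr project code): a guard for a
reverse proxy or client application that refuses any request naming the
"dataConfig" parameter, in the query string or in a form-encoded body.
Solr's own request parsing decides which parameters count, so this filter
errs on the conservative side: names are compared after percent-decoding
and case-folding.
"""
from urllib.parse import parse_qsl, urlsplit

# Parameter names that untrusted clients must never be able to set.
BLOCKED_PARAMS = frozenset({"dataconfig"})   # compared case-insensitively

FORM = "application/x-www-form-urlencoded"


def _param_names(encoded):
    """Yield decoded parameter names from a query string or form body."""
    # keep_blank_values so a bare "dataConfig" or "dataConfig=" is still seen;
    # parse_qsl percent-decodes names, defeating "%64ataConfig"-style encoding.
    for name, _value in parse_qsl(encoded, keep_blank_values=True):
        yield name


def request_is_blocked(method, target, headers, body=b""):
    """Return True when the request must be refused (e.g. with HTTP 403).

    method  - HTTP method
    target  - request target as sent on the request line (path + query)
    headers - mapping of header names to values (any letter case)
    body    - raw request body bytes
    """
    names = set(_param_names(urlsplit(target).query))
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if method.upper() in ("POST", "PUT") and ctype == FORM:
        names.update(_param_names(body.decode("utf-8", "replace")))
    return any(n.strip().lower() in BLOCKED_PARAMS for n in names)


# Constructed sample traffic (collection "db" and handler path are assumptions).
SAMPLE_REQUESTS = [
    ("GET", "/solr/db/select?q=*:*&rows=10", {}, b""),
    ("GET", "/solr/db/dataimport?command=full-import&dataConfig=%3CdataConfig%3E", {}, b""),
    ("POST", "/solr/db/dataimport", {"Content-Type": FORM + "; charset=UTF-8"},
     b"command=full-import&%64ataConfig=%3CdataConfig%3E"),
    ("POST", "/solr/db/dataimport", {"Content-Type": FORM}, b"command=status"),
]


def audit(requests=SAMPLE_REQUESTS):
    """Return [(target, blocked?)] for a list of (method, target, headers, body)."""
    return [(t, request_is_blocked(m, t, h, b)) for m, t, h, b in requests]
```

The filter only inspects the query string and form-encoded bodies; if end users have no business reaching the DataImportHandler at all, denying its handler path outright at the proxy is the simpler and stronger rule.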

Please refer to [2] for how to correctly secure Solr servers. The Apache Solr Reference Guide for 7. Description: Apache Solr uses Apache Tika for parsing binary file types such as .doc, .xls and .pdf. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized.

Mitigation: Users are advised to upgrade to either Solr 5. Solr 5. RunExecutableListener is now disabled by default; it can be enabled by -Dsolr. Furthermore, this release includes Apache Lucene 5. Fix for a bug where Solr was attempting to load the same core twice (error message: "Lock held by this virtual machine"). Description: The details of this vulnerability were reported on public mailing lists.

It can also be used for blind XXE via the ftp wrapper in order to read arbitrary local files from the Solr server. The second vulnerability relates to remote code execution using the RunExecutableListener, which is available on all affected versions of Solr.

At the time of the above report, this was a 0-day vulnerability with a working exploit affecting the versions of Solr mentioned in the previous section. However, mitigation steps were announced to protect Solr users the same day. This will disallow any changes to be made to your configurations via the Config API.

This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to your config. For example, adding the following to the solrconfig. Critical Security Update: Fix for CVE , for which a working 0-day exploit was reported on the public mailing list.

Auto-scaling: Solr can now move replicas automatically when a new node is added or an existing node is removed, using the autoscaling policy framework introduced in 7. Auto-scaling: The 'autoAddReplicas' feature, which was limited to shared file systems, is now available for all file systems. It has been ported to use the new autoscaling framework internally. Auto-scaling: New set-trigger, remove-trigger, set-listener, remove-listener, suspend-trigger and resume-trigger APIs.

Furthermore, this is the first time Solr has out-of-the-box support for polygons. Expanded support for statistical stream evaluators such as various distributions, rank correlations, distances and more. Please secure your Solr servers, since a zero-day exploit has been reported on a public mailing list. This has been assigned a public CVE, which we will reference in future communication about resolution and mitigation steps.

Until fixes are available, all Solr users are advised to restart their Solr instances with the system property -Ddisable. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.

This is sufficient to protect you from this type of attack, but means you cannot use the edit capabilities of the Config API until the other fixes described below are in place.

We will also determine mitigation steps for users on earlier versions, which may include a 6. The RunExecutableListener will be removed in 7. It was previously used by Solr for index replication but has since been replaced and is no longer needed.

The 7. Message "Lock held by this virtual machine" during startup: Solr is trying to start some cores twice. This 1,page PDF is the definitive guide to Solr. This version adds documentation for new features of Solr, plus detailed information about changes and deprecations you should know about when upgrading from Solr 6.

Replica Types - Solr 7 supports different replica types, which handle updates differently. Solr can now allocate new replicas to nodes using a new autoscaling policy framework. This framework will, in future releases, enable Solr to move shards around based on load, disk, etc. Streaming Expressions add a new statistical programming syntax for the statistical analysis of SQL queries, random samples, time series and graph result sets.

Analytics Component version 2. CVE : security vulnerability in Kerberos delegation token functionality. Solr's Kerberos plugin can be configured to use delegation tokens, which allow an application to reuse the authentication of an end user or another application.

Firstly, access to the security configuration can be leaked to users other than the Solr super user. Solr 6. SolrJmxReporter is broken on core reload. This resulted in some or most metrics not being reported via JMX after core reloads, depending on timing.

Furthermore, this release includes Apache Lucene 6. Description: Solr uses a PKI-based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it at a malicious node. This can trick the nodes in the cluster into believing that the malicious node is a member of the cluster.

Users who only use SSL without basic authentication, or those who use Kerberos, are not affected. CartesianProductStream, which turns a single tuple with a multi-valued field into N tuples, one for each value in the multi-valued field.

Fixed, and enhanced the generated query so that it does not pollute the queryCache. In-place updates to numeric docValues fields (single-valued, non-stored, non-indexed) are supported using the atomic update syntax. A new significantTerms Streaming Expression that is able to extract the significant terms in an index. The Metrics API now supports non-numeric metrics (version, disk type, component state, system properties). The DirectUpdateHandler2 now implements MetricsProducer and exposes stats via the Metrics API and configured reporters.

MMapDirectoryFactory now supports a "preload" option to ask that mapped pages be loaded into physical memory on init. Javadocs and Changes. Fixed: Serious performance degradation in Solr 6. IndexWriter metrics collection is turned off by default, and directory-level metrics collection is completely removed until a better design is found. However, Solr did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed.
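The file-name validation the advisory above describes as missing can be illustrated with a containment check. The following is an added example, not Solr's fix: it canonicalises both the serving directory and the requested name and refuses anything that resolves outside the directory, including percent-encoded traversal, absolute paths and symlinks that point elsewhere. The directory layout in the demo is constructed.

```python
"""Resolve a client-supplied file name strictly inside a base directory.

Added example for the missing file-name validation described above
(illustration, not Solr's own fix). Both the base directory and the
candidate are canonicalised, then the candidate must still lie under the
base. Encoded traversal ("..%2F"), absolute paths, NUL bytes and symlinks
pointing outside the directory are all rejected.
"""
import tempfile
from pathlib import Path
from urllib.parse import unquote


class UnsafePath(ValueError):
    pass


def resolve_within(base_dir, requested):
    """Return the canonical Path for 'requested' inside base_dir, or raise UnsafePath."""
    # Decode exactly once. A name that still contains '%' after one decode is
    # double-encoded ("%252e%252e"), which no legitimate file name needs.
    name = unquote(requested)
    if "%" in name:
        raise UnsafePath("percent-encoding left after one decode")
    if not name or "\x00" in name:
        raise UnsafePath("empty name or NUL byte")
    base = Path(base_dir).resolve(strict=True)
    # Path joining discards the base for an absolute component, so refuse those.
    if Path(name).is_absolute() or name.startswith(("/", "\\")):
        raise UnsafePath("absolute path")
    candidate = (base / name).resolve()      # follows symlinks, collapses ".."
    if candidate != base and base not in candidate.parents:
        raise UnsafePath(f"{requested!r} escapes {base}")
    return candidate


def demo():
    """Exercise the check against a throw-away directory (constructed data)."""
    root = Path(tempfile.mkdtemp())
    index = root / "index"
    index.mkdir()
    (index / "segments_1").write_bytes(b"constructed index file")
    (root / "solr.xml").write_bytes(b"file outside the index directory")
    (index / "escape").symlink_to(root)      # symlink that points out of the directory
    probes = ["segments_1", "../solr.xml", "..%2F..%2Fetc%2Fpasswd",
              "/etc/passwd", "escape/solr.xml", "%252e%252e/solr.xml", "a\x00b"]
    results = {}
    for req in probes:
        try:
            resolve_within(index, req)
            results[req] = "ok"
        except UnsafePath:
            results[req] = "rejected"
    return results


if __name__ == "__main__":
    for probe, verdict in demo().items():
        print(f"{probe!r:32} {verdict}")
```

The symlink case is the one string-based checks miss: "escape/solr.xml" contains no ".." at all, yet resolves outside the directory, so the check has to run on the resolved path rather than on the raw name.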

Added a "param" query type to the facet domain filter specification to obtain filters via query parameters. Any facet command can be filtered using a new parameter, filter. A new highlighter: the Unified Highlighter. Try it via hl. It is the highest-performing highlighter, especially for large documents.

Please use this new highlighter and report issues, since it will likely become the default one day. Leading wildcards in the complexphrase query parser are now accepted and optimized with the ReversedWildcardFilterFactory when it is provided. A new document processor, 'SkipExistingDocumentsProcessor', skips duplicate inserts and ignores updates to missing docs.

FieldCache information fetched via the mbeans handler or seen via the UI now displays the total size used. Please note: this release cannot be built from source with Java 8 update ; use an earlier update instead! This is caused by a bug introduced into the Javadocs tool shipped with that update.

The workaround was too late for this Lucene release. Of course, you can use the binary artifacts. Retrieving docValues as stored values was sped up by using the proper leaf reader rather than asking for a global view. In extreme cases, this leads to a x speedup. Mitigation: Any of the following is enough to prevent this vulnerability for Solr servers:

The Log4J security page refers to setting log4j2. In reality, it depends. We have looked at the root cause and audited the code paths that lead to the vulnerability, and we are confident that this mitigation is sufficient for Solr. To prevent an SSRF vulnerability, Solr ought to check these parameters against a configuration similar to the one it uses for the "shards" parameter.

Prior to this bug getting fixed, it did not. Description: When starting Apache Solr versions prior to 8.
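Both the "shards" SSRF description earlier on this page and the point just made (that other URL-taking parameters ought to be checked the same way) come down to one control: every host the request names must be on a configured allowlist before Solr fans the request out. The following is an added illustration of that check, not Solr's own implementation. It parses the documented "shards" syntax (comma-separated shards, "|"-separated replicas, host:port/path with an optional http:// or https:// scheme); the allowlist contents are constructed.

```python
"""Allowlist check for a Solr-style "shards" parameter.

Added illustration (not Solr's own implementation) of the approach described
above: every host:port named in the parameter must appear in a configured
allowlist or the request is refused before any fan-out happens. Shards are
comma-separated, replicas of one shard are separated by "|", and each entry
is host:port/path with an optional http:// or https:// scheme.
"""
from urllib.parse import urlsplit

# Constructed allowlist: the only nodes this cluster may be asked to fan out to.
ALLOWED_SHARD_HOSTS = frozenset({
    "solr1.internal:8983",
    "solr2.internal:8983",
    "solr3.internal:8983",
})


class DisallowedShard(ValueError):
    pass


def _host_port(entry):
    """Normalise one shard entry to 'host:port', rejecting anything odd."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "http://" + entry        # scheme is optional in the shards syntax
    parts = urlsplit(entry)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise DisallowedShard(f"unparseable shard entry {entry!r}")
    if parts.username is not None or parts.password is not None:
        # "allowed:8983@evil/..." would otherwise be read as a credential block
        # in front of the real (attacker-chosen) host.
        raise DisallowedShard(f"credentials in shard entry {entry!r}")
    try:
        port = parts.port                # raises ValueError for a non-numeric port
    except ValueError as exc:
        raise DisallowedShard(f"bad port in shard entry {entry!r}") from exc
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return f"{parts.hostname.lower()}:{port}"


def check_shards(shards_param, allowed=ALLOWED_SHARD_HOSTS):
    """Return every host:port the parameter names, or raise DisallowedShard."""
    targets = []
    for shard in shards_param.split(","):
        for replica in shard.split("|"):
            hp = _host_port(replica)
            if hp not in allowed:
                raise DisallowedShard(f"{hp} is not in the shards allowlist")
            targets.append(hp)
    return targets


def shards_allowed(shards_param, allowed=ALLOWED_SHARD_HOSTS):
    """Boolean form of check_shards, for use in a request filter."""
    try:
        check_shards(shards_param, allowed)
        return True
    except DisallowedShard:
        return False
```

Matching on the normalised host:port pair, rather than on a substring of the raw parameter, is what defeats the usual bypasses: a userinfo block in front of the real host, an allowlisted name on a different port or scheme, or a link-local metadata address appended after a legitimate shard.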