Internet 2021-04-13 14:49:28
Solr™ News

You may also read this news as an ATOM feed.

22 February 2021, Apache Solr™ 8.8.1 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.8.1.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.8.1 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.8.1 Release Highlights:

Fix for a SolrJ backwards compatibility issue when upgrading the server to 8.8.0 without upgrading SolrJ to 8.8.0. Users are encouraged to use 8.8.1 instead of 8.8.0.

Please refer to the Upgrade Notes in the Solr Ref Guide for information on upgrading from previous Solr versions:

https://solr.apache.org/guide/8_8/solr-upgrade-notes.html

Please read CHANGES.txt for a full list of bugfixes:

https://solr.apache.org/8_8_1/changes/Changes.html

Solr 8.8.1 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_8_1/changes/Changes.html

17 February 2021, Apache Solr becomes an Apache TLP

The Apache Software Foundation's board today established Solr as a Top Level Project (TLP). Solr has been a Lucene sub-project since its incubation in 2006, governed by the Lucene PMC, and has since the 3.1 release also shared source code repository with Lucene.

What's the background?

The change was proposed by members of the Lucene PMC, and a vote in June 2020 decided that Solr would be a separate TLP. Later, the Lucene PMC decided that the Solr project would be bootstrapped with the same set of committers and PMC members as the "mother" Lucene project.

How does this affect users?

The Solr software will not change at all as a result of this, but users will see these changes:

Solr gets a new website at solr.apache.org

Solr gets a new download location in the mirrors

The email address of the users mailing-list will change, but subscribers will be moved automatically

How does this affect developers?

Developers will have to do a number of things to adapt to the change:

Subscribe to the new mailing lists. See Mailing Lists & Chat for instructions

Start using the new git location by cloning or defining a new git remote

Realize that lucene will be a build dependency of Solr on the main branch (once the code migration is done)

Backported bug fixes for Solr 8.8 must be submitted to the Lucene git, for a joint bugfix release

NOTE: Some things may be in flux during the migration work.

29 January 2021, Apache Solr™ 8.8.0 available

29/01/2021, Apache Solr™ 8.8 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.8.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

The release is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/8_8_0/changes/Changes.html

Solr 8.8.0 Release Highlights

Reducing overseer bottlenecks using per-replica states. More stability and less load on large clusters that use this feature. Better restart and collection creation performance

Interleaving support in Learning To Rank

A summary of important changes is published in the Solr Reference Guide at https://solr.apache.org/guide/8_8/solr-upgrade-notes.html. For the most exhaustive list, see the full release notes at https://solr.apache.org/8_8_0/changes/Changes.html or by viewing the CHANGES.txt file accompanying the distribution. Solr's release notes usually don't include Lucene layer changes. Lucene's release notes are at https://lucene.apache.org/core/8_8_0/changes/Changes.html

3 November 2020, Apache Solr™ 8.7.0 available

3/11/2020, Apache Solr™ 8.7 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.7.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

The release is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/8_7_0/changes/Changes.html

Solr 8.7.0 Release Highlights

SOLR-14588 -- Circuit Breakers Infrastructure and Real JVM Based Circuit Breaker

SOLR-14615 -- CPU Based Circuit Breaker

SOLR-14537 -- Improve performance of ExportWriter

SOLR-14651 -- The MetricsHistoryHandler Can Be Disabled

A summary of important changes is published in the Solr Reference Guide at https://solr.apache.org/guide/8_7/solr-upgrade-notes.html. For the most exhaustive list, see the full release notes at https://solr.apache.org/8_7_0/changes/Changes.html or by viewing the CHANGES.txt file accompanying the distribution. Solr's release notes usually don't include Lucene layer changes. Lucene's release notes are at https://lucene.apache.org/core/8_7_0/changes/Changes.html

12 October 2020, CVE-2020-13957: The checks added to unauthenticated configset uploads in Apache Solr can be circumvented

Severity: High

Versions Affected:

6.6.0 to 6.6.6

7.0.0 to 7.7.3

8.0.0 to 8.6.2

Description: Solr prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

Mitigation: Any of the following are enough to prevent this vulnerability:

Disable UPLOAD command in ConfigSets API if not used by setting the system property: configset.upload.enabled to false (see docs)

Use Authentication/Authorization and make sure unknown requests aren't allowed (see docs)

Upgrade to Solr 8.6.3 or greater.

If upgrading is not an option, consider applying the patch in SOLR-14663

No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access

Credit: Tomás Fernández Löbbe, András Salamon

References: SOLR-14925: CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented

7 October 2020, Apache Solr™ 8.6.3 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.6.3.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.6.3 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.6.3 Release Highlights:

SOLR-14898: Prevent duplicate header accumulation on internally forwarded requests

SOLR-14768: Fix HTTP multipart POST requests to Solr (8.6.0 regression)

SOLR-14859: PrefixTree-based fields now reject invalid schema properties instead of quietly failing certain queries

SOLR-14663: CREATE ConfigSet action now copies base node content

Please refer to the Upgrade Notes in the Solr Ref Guide for information on upgrading from previous Solr versions:

https://solr.apache.org/guide/8_6/solr-upgrade-notes.html

Please read CHANGES.txt for a full list of bugfixes:

https://solr.apache.org/8_6_3/changes/Changes.html

Solr 8.6.3 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_6_3/changes/Changes.html

1 September 2020, Apache Solr™ 8.6.2 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.6.2.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.6.2 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.6.2 Bug Fixes:

SOLR-14751: Zookeeper Admin screen not working for old ZK versions.

Please refer to the Upgrade Notes in the Solr Ref Guide for information on upgrading from previous Solr versions:

https://solr.apache.org/guide/8_6/solr-upgrade-notes.html

Please read CHANGES.txt for a full list of bugfixes:

https://solr.apache.org/8_6_2/changes/Changes.html

Solr 8.6.2 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_6_2/changes/Changes.html

14 August 2020, CVE-2020-13941: Apache Solr information disclosure vulnerability

Severity: Medium

Versions Affected: Before Solr 8.6. Some risks are specific to Windows.

Description: Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://solr.apache.org/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e. you could read/write to any location the solr user can access.

On a Windows system SMB paths such as \\10.0.0.99\share\folder may also be used, leading to:

The possibility of restoring another SolrCore from a server on the network (or mounted remote file system) may lead to:

  Exposing search index data that the attacker should otherwise not have access to

  Replacing the index data entirely by loading it from a remote file system that the attacker controls

Launching SMB attacks which may result in:

  The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes),

  In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution

Mitigation: Upgrade to Solr 8.6, and/or ensure only trusted clients can make requests of Solr's replication handler.

Credit: Matei "Mal" Badanoiu
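
The check below is an added example, not code from Solr or from this advisory: it scans request-log lines for replication handler calls whose location parameter is a UNC path or falls outside an approved backup directory. The log lines, client addresses and the ALLOWED_BACKUP_ROOT value are constructed assumptions; the command names and the 10.0.0.99 share path are the ones given in the description above.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the one directory operators have approved for backups.
ALLOWED_BACKUP_ROOT = "/var/solr/backups"

# Commands the advisory lists as accepting a location parameter (lower-cased).
LOCATION_COMMANDS = {"backup", "restore", "deletebackup"}

# Constructed request-log lines (NCSA style); not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Aug/2020:09:00:01 +0000] "GET /solr/core1/replication'
    '?command=backup&location=/var/solr/backups/nightly HTTP/1.1" 200 120',
    '192.0.2.11 - - [14/Aug/2020:09:02:17 +0000] "GET /solr/core1/replication'
    '?command=restore&location=%5C%5C10.0.0.99%5Cshare%5Cfolder HTTP/1.1" 200 98',
    '192.0.2.12 - - [14/Aug/2020:09:03:40 +0000] "GET /solr/core1/replication'
    '?command=backup&location=/var/solr/backups/../../../etc HTTP/1.1" 200 98',
    '192.0.2.10 - - [14/Aug/2020:09:04:02 +0000] "GET /solr/core1/select'
    '?q=*:* HTTP/1.1" 200 512',
    '192.0.2.10 - - [14/Aug/2020:09:05:30 +0000] "GET /solr/core1/replication'
    '?command=details HTTP/1.1" 200 300',
]

_REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def classify_location(location):
    """Return 'unc', 'outside-root' or 'ok' for one decoded location value."""
    # \\host\share and //host/share both name a network share on Windows.
    if location.startswith(("\\\\", "//")):
        return "unc"
    # Collapse ../ segments before comparing against the approved root.
    normalized = posixpath.normpath(location)
    root = ALLOWED_BACKUP_ROOT.rstrip("/")
    if normalized == root or normalized.startswith(root + "/"):
        return "ok"
    # Relative paths and Windows drive paths also end up here for review.
    return "outside-root"


def suspicious_replication_requests(lines):
    """Return (client, command, location, verdict) for every flagged request.

    Only parameters visible in the request line are inspected; parameters
    sent in a POST body do not appear in this kind of log.
    """
    findings = []
    for line in lines:
        match = _REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").endswith("/replication"):
            continue
        params = parse_qs(url.query)  # percent-decodes the values
        command = params.get("command", [""])[0]
        if command.lower() not in LOCATION_COMMANDS:
            continue
        for location in params.get("location", []):
            verdict = classify_location(location)
            if verdict != "ok":
                findings.append((client, command, location, verdict))
    return findings


if __name__ == "__main__":
    for finding in suspicious_replication_requests(SAMPLE_LOG):
        print(finding)
```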

13 August 2020, Apache Solr™ 8.6.1 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.6.1.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.6.1 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.6.1 Release Highlights:

SOLR-14665: Revert SOLR-12845 adding of default autoscaling cluster policy, due to performance issues

SOLR-14671: Parsing dynamic ZK config sometimes cause NumberFormatException

Please refer to the Upgrade Notes in the Solr Ref Guide for information on upgrading from previous Solr versions:

https://solr.apache.org/guide/8_6/solr-upgrade-notes.html

Please read CHANGES.txt for a full list of bugfixes:

https://solr.apache.org/8_6_1/changes/Changes.html

Solr 8.6.1 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_6_1/changes/Changes.html

15 July 2020, Apache Solr™ 8.6.0 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.6.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.6.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.6.0 Release Highlights:

Cross-Collection Join Queries: Join queries can now work cross-collection, even when shared or when spanning nodes.

Search: Performance improvement for some types of queries when exact hit count isn't needed, by using the BlockMax WAND algorithm.

Streaming Expression: Percentiles and standard deviation aggregations added to stats, facet and time series.

Streaming expressions added to /export handler.

Drill Streaming Expression for efficient and accurate high cardinality aggregation.

Package manager: Support for cluster (CoreContainer) level plugins.

Health Check: HealthCheckHandler can now require that all cores are healthy before returning OK.

Zookeeper read API: A read API at /api/cluster/zk/* to fetch raw ZK data and view contents of a ZK directory.

Admin UI: New panel with security info in admin UI's dashboard.

Query DSL: Support for {param:ref} and {bool: {excludeTags:""}}

Ref Guide: Major redesign of Solr's documentation.

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/8_6_0/changes/Changes.html

Solr 8.6.0 also includes features, optimizations and bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_6_0/changes/Changes.html

26 May 2020, Apache Solr™ 8.5.2 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.5.2.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.5.2 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.5.2 Bug Fixes:

SOLR-14411: Fix regression from SOLR-14359 (Admin UI 'Select an Option')

SOLR-14471: base replica selection strategy not applied to "last place" shards.preference matches

Please read CHANGES.txt for a full list of changes:

https://solr.apache.org/8_5_2/changes/Changes.html

Solr 8.5.2 also includes 1 bugfix in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_5_2/changes/Changes.html

28 April 2020, Apache Solr™ 7.7.3 available

The Lucene PMC is pleased to announce the release of Apache Solr 7.7.3.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.7.3 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 7.7.3 Release Highlights:

SOLR-13779: Use the safe fork of simple-xml for clustering contrib

SOLR-13718: SPLITSHARD (async) with failures in underlying sub-operations can result in data loss

SOLR-12291: prematurely reporting not yet finished async Collections API call as completed when collection's replicas are collocated at least at one node

SOLR-13828: Improve ExecutePlanAction error handling

SOLR-13472: Forwarded requests should skip authorization on receiving nodes

SOLR-13793: HttpSolrCall now maintains internal request count (_forwardedCount) for remote queries and limits them to the number of replicas. This avoids making too many cascading calls to remote servers, which, if not restricted, can bring down nodes containing the said collection

SOLR-13971: Velocity response writer's resource loading now possible only through startup parameters. Also, removed velocity response writer from _default configset

SOLR-14025: VelocityResponseWriter has been hardened - only trusted configsets can render configset provided templates and rendering templates from request parameters has been removed.

SOLR-13158: DataImportHandler: Added enable.dih.dataConfigParam system property to toggle whether the dataConfig param is permitted

SOLR-14259: Fix javabin performance regression fixes

Please read CHANGES.txt for a full list of changes:

https://solr.apache.org/7_7_3/changes/Changes.html

Solr 7.7.3 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/7_7_3/changes/Changes.html

16 April 2020, Apache Solr™ 8.5.1 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.5.1.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release contains no change over 8.5.0 for Solr. The release is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.5.1 also includes one bugfix in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_5_1/changes/Changes.html

24 March 2020, Apache Solr™ 8.5.0 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.5.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.5.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.5.0 Release Highlights:

A new queries property of the JSON Request API lets you declare queries in Query DSL format and refer to them by their names.

A new command line tool bin/postlogs allows you to index Solr logs into a Solr collection. This is helpful for log analysis and troubleshooting. Documentation is not yet integrated into the Solr Reference Guide, but is available in a branch via GitHub: https://github.com/apache/lucene-solr/blob/visual-guide/solr/solr-ref-guide/src/logs.adoc.

A new stream decorator delete() is available to help solve some issues with traditional delete-by-query, which can be expensive in large indexes.

Solr now has the ability to run with a Java Security Manager enabled.

Please read CHANGES.txt for a full list of changes:

https://solr.apache.org/8_5_0/changes/Changes.html

Solr 8.5.0 also includes improvements and bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_5_0/changes/Changes.html

13 January 2020, Apache Solr™ 8.4.1 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.4.1.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.4.1 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.4.1 Release Highlights:

Fix for overseer serialization to support rolling upgrade (broken since 8.4)

Fix for SSL support with SOLR_SSL_NEED_CLIENT_AUTH (broken since 8.2)

Package manager to store public keys in a special "trusted" location instead of in ZooKeeper

Please read CHANGES.txt for a full list of changes:

https://solr.apache.org/8_4_1/changes/Changes.html

Solr 8.4.1 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_4_1/changes/Changes.html

30 December 2019, CVE-2019-17558: Apache Solr RCE through VelocityResponseWriter

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: 5.0.0 to 8.3.1

Description: The affected versions are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting params.resource.loader.enabled by defining a response writer with that setting set to true. Defining a response writer requires configuration API access.

Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is trusted (has been uploaded by an authenticated user).

Mitigation: Ensure your network settings are configured so that only trusted traffic communicates with Solr, especially to the configuration APIs.

Credit: Github user s00py

References:

https://issues.apache.org/jira/browse/SOLR-13971

https://issues.apache.org/jira/browse/SOLR-14025

https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity

29 December 2019, Apache Solr™ 8.4.0 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.4.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.4.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.4.0 Release Highlights:

A new package management system was introduced in order to ease deploying plugins.

Better security with the out-of-the-box configuration.

A summary of important changes is published in the Solr Reference Guide at https://solr.apache.org/guide/8_4/solr-upgrade-notes.html.

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/8_4_0/changes/Changes.html

Solr 8.4.0 also includes features, optimizations and bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_4_0/changes/Changes.html

3 December 2019, Apache Solr™ 8.3.1 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.3.1.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.3.1 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.3.1 Release Highlights:

JavaBinCodec has concurrent modification of CharArr resulting in corrupt internode updates

findRequestType in AuditEvent is more robust

CoreContainer.auditloggerPlugin is volatile now

Velocity response writer's resource loading now possible only through startup parameters

Please read CHANGES.txt for a full list of changes:

https://solr.apache.org/8_3_1/changes/Changes.html

Solr 8.3.1 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_3_1/changes/Changes.html

18 November 2019, CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Solr 8.1.1 and 8.2.0 for Linux

Description: The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr.

Windows users are not affected.

If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.

The vulnerability is already public [1] and mitigation steps were announced on project mailing lists and news page [3] on August 14th, without mentioning RCE at that time.

Mitigation: Make sure your effective solr.in.sh file has ENABLE_REMOTE_JMX_OPTS set to 'false' on every Solr node and then restart Solr. Note that the effective solr.in.sh file may reside in /etc/defaults/ or another location depending on the install. You can then validate that the 'com.sun.management.jmxremote*' family of properties are not listed in the "Java Properties" section of the Solr Admin UI, or configured in a secure way.

There is no need to upgrade or update any code.

Remember to follow the Solr Documentation's advice to never expose Solr nodes directly in a hostile network environment.

Credit:

Matei "Mal" Badanoiu

Solr JIRA user 'jnyryan' (John)

References:

[1] https://issues.apache.org/jira/browse/SOLR-13647

[3] https://solr.apache.org/news.html
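
The mitigation above, and the 14 August 2019 announcement further down this page, both come down to checking one line of the effective solr.in.sh. The script below is an added example, not part of Solr or of the advisory: it reads a solr.in.sh, takes the last uncommented assignment of ENABLE_REMOTE_JMX_OPTS as the effective one, and lists any com.sun.management.jmxremote properties set by hand. The sample file contents are constructed, and the parser assumes plain assignments (it does not evaluate shell conditionals or variable expansion).

```python
import re

# Constructed solr.in.sh contents; not copied from any Solr release.
SAMPLE_SOLR_IN_SH = """\
# ENABLE_REMOTE_JMX_OPTS="false"
SOLR_HEAP="2g"
ENABLE_REMOTE_JMX_OPTS="true"
#RMI_PORT=18983
SOLR_OPTS="$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000"
"""

_ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# A double-quoted, single-quoted or bare value; a trailing "# comment" is ignored.
_VALUE = re.compile(r"""^(?:"([^"]*)"|'([^']*)'|([^\s#]*))""")
_JMX_PROP = re.compile(r"-D(com\.sun\.management\.jmxremote[\w.]*)")


def _active_lines(text):
    """Lines that a shell would act on: not blank, not commented out."""
    return [ln for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def effective_assignments(text):
    """Map each variable to its last uncommented value, as sourcing the file would."""
    values = {}
    for line in _active_lines(text):
        match = _ASSIGN.match(line)
        if match:
            raw = match.group(2).strip()
            groups = _VALUE.match(raw).groups()
            values[match.group(1)] = next(g for g in groups if g is not None)
    return values


def audit_remote_jmx(text):
    """Summarise the remote-JMX state of one solr.in.sh file."""
    values = effective_assignments(text)
    flag = values.get("ENABLE_REMOTE_JMX_OPTS")
    props = sorted({p for ln in _active_lines(text) for p in _JMX_PROP.findall(ln)})
    return {
        # None means this file never sets the option at all.
        "setting": flag,
        # The advisory asks for an explicit 'false' on every node.
        "meets_mitigation": flag == "false",
        # 18983 is the default port the advisory gives.
        "rmi_port": values.get("RMI_PORT", "18983"),
        # Hand-set JMX properties need a manual review of their security settings.
        "jmxremote_properties": props,
    }


if __name__ == "__main__":
    print(audit_remote_jmx(SAMPLE_SOLR_IN_SH))
```

Run it against the file the node actually loads, which the advisory notes may live in /etc/defaults/ or elsewhere depending on the install.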

2 November 2019, Apache Solr™ 8.3.0 available

The Lucene PMC is pleased to announce the release of Apache Solr 8.3.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.3.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 8.3.0 Release Highlights:

Two dimensional routed aliases are now available for organizing collections based on the data values of two fields

SPLITSHARD implements a new splitByPrefix option that takes into account the actual document distribution when using compositeIds

QueryElevationComponent can have query rules configured with match="subset" wherein the words need only match a subset of the query's words and in any order

Command line option to export documents to a file

Support deterministic replica routing preferences for better cache usage

Ability to query aliases in Solr Admin UI

JWTAuthPlugin supports multiple JWKS endpoints and multiple IdP issuers

JSON faceting now supports arbitrary ranges for range facets

Support integral plots, cosine distance and string truncation with math expressions (Joel Bernstein)

New cat() stream source to create tuples from lines in local files

Add upper, lower, trim and split Stream Evaluators

Add CsvStream, TsvStream Streaming Expressions and supporting Stream Evaluators

Add CaffeineCache, an efficient implementation of SolrCache

Live SPLITSHARD can lose updates due to cluster state change between checking if the current shard is active and later checking if there are any sub-shard leaders to forward the update to

Fix for SPLITSHARD (async) with failures in underlying sub-operations can result in data loss

Allow dynamic resizing of SolrCache-s

Allow optional redaction of data saved by 'bin/solr autoscaling -save'

Optimized large managed schema modifications (internal O(n^2) problem)

Max idle time support for SolrCache implementations

Add Prometheus Exporter GC and Heap options

SSL: Adding Enabling/Disabling client's hostname verification config

Introducing SolrClient.ping(collection) in SolrJ

Fix for CDCR bootstrap not replicating index to the replicas of target cluster

Fixed a race condition when initializing metrics for new security plugins on security.json change

Fixed JWTAuthPlugin to update metrics prior to continuing w/other filters or returning error

Fixed distributed grouping when multiple 'fl' params are specified

JMX MBeans are not exposed because of race condition between creating platform mbean server and registering mbeans

Fix for class-cast issues during atomic-update 'removeregex' operations

Fix for multi-node race condition to create/remove nodeLost markers

Fix for too many cascading calls to remote servers, which can bring down nodes

Fix for MOVEREPLICA ignoring replica type and always adding 'nrt' replicas

Fix: DistributedZkUpdateProcessor should propagate URP.finish() lifecycle (regression since 8.1)

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/8_3_0/changes/Changes.html

Solr 8.3.0 also includes features, optimizations and bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_3_0/changes/Changes.html

9 September 2019, CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:

1.3.0 to 1.4.1

3.1.0 to 3.6.2

4.0.0 to 4.10.4

Description: Solr versions prior to 5.0.0 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs.

Mitigation:

Upgrade to Apache Solr 5.0 or later.

Ensure your network settings are configured so that only trusted traffic is allowed to post documents to the running Solr instances.

Credit: Matei "Mal" Badanoiu
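
The description above turns on the parser accepting DOCTYPE and ENTITY declarations in an update document. The sketch below is an added example, not Solr's code and not a fix the advisory prescribes: a streaming parse of an `<add><doc>` update message that aborts at the DOCTYPE declaration, before any entity can be defined or expanded. Both sample messages are constructed, and placing such a check in a gateway in front of the update handler is an assumption.

```python
from xml.parsers import expat

# Constructed update messages; the second declares a single harmless entity.
BENIGN_UPDATE = (
    b'<add><doc><field name="id">1</field>'
    b'<field name="title">hello</field></doc></add>'
)
UPDATE_WITH_DTD = (
    b'<!DOCTYPE add [<!ENTITY greeting "hello">]>'
    b'<add><doc><field name="id">2</field>'
    b'<field name="title">&greeting;</field></doc></add>'
)


class DtdForbidden(ValueError):
    """Raised when an update message carries a DOCTYPE declaration."""


def parse_update_xml(data):
    """Return one dict of field name -> text per <doc>, refusing any DTD.

    A repeated field name keeps its last value; that is enough for this check.
    """
    docs = []
    state = {"doc": None, "field": None, "text": []}

    def forbid_doctype(name, system_id, public_id, has_internal_subset):
        # Fires at '<!DOCTYPE', i.e. before the entity declarations are read.
        raise DtdForbidden("DOCTYPE %r is not allowed in update messages" % name)

    def start(tag, attrs):
        if tag == "doc":
            state["doc"] = {}
        elif tag == "field" and state["doc"] is not None:
            state["field"] = attrs.get("name")
            state["text"] = []

    def chars(text):
        # expat may deliver one text node in several chunks, so accumulate.
        if state["field"] is not None:
            state["text"].append(text)

    def end(tag):
        if tag == "field" and state["field"] is not None:
            state["doc"][state["field"]] = "".join(state["text"])
            state["field"] = None
        elif tag == "doc" and state["doc"] is not None:
            docs.append(state["doc"])
            state["doc"] = None

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(data, True)  # an exception raised in a handler propagates here
    return docs


def accepts(data):
    """True when the message parses cleanly and carries no DTD."""
    try:
        parse_update_xml(data)
        return True
    except (DtdForbidden, expat.ExpatError):
        return False


if __name__ == "__main__":
    print(parse_update_xml(BENIGN_UPDATE))
    print(accepts(UPDATE_WITH_DTD))
```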

References:

https://issues.apache.org/jira/browse/SOLR-13750

https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity

14 August 2019, [ANNOUNCE] 8.1.1 and 8.2.0 users check ENABLE_REMOTE_JMX_OPTS setting

Severity: Low

Versions Affected: 8.1.1 and 8.2.0 for Linux

Description: It has been discovered [1] that the 8.1.1 and 8.2.0 releases contain a bad default setting for the ENABLE_REMOTE_JMX_OPTS setting in the default solr.in.sh file shipping with Solr.

Windows users and users with custom solr.in.sh files are not affected.

If you are using the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on JMX_PORT (default = 18983), without any authentication. So if your firewall allows inbound traffic on JMX_PORT, then anyone with network access to your Solr nodes will be able to access monitoring data exposed over JMX.

Mitigation: Edit solr.in.sh, set ENABLE_REMOTE_JMX_OPTS=false and restart Solr.

Alternatively wait for the future 8.3.0 release and upgrade.

References:

[1] https://issues.apache.org/jira/browse/SOLR-13647

31 July 2019, CVE-2019-0193: Apache Solr, Remote Code Execution via DataImportHandler

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:

5.0.0 to 5.5.5

6.0.0 to 6.6.5

Description: The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property enable.dih.dataConfigParam to true.

Mitigation:

Upgrade to 8.2.0 or later, which is secure by default.

or, edit solrconfig.xml to configure all DataImportHandler usages with an "invariants" section listing the "dataConfig" parameter set to an empty string.

Ensure your network settings are configured so that only trusted traffic communicates with Solr, especially to the DIH request handler. This is a best practice to all of Solr.
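To check that the second mitigation has been applied to every DataImportHandler in a solrconfig.xml, the handlers can be audited for a "dataConfig" invariant. The following is an added example, not code from the Solr project; the function names and the sample configuration (handler names, file names) are assumptions constructed for illustration.

```python
"""Added example: audit solrconfig.xml for DIH handlers that accept dataConfig."""
import xml.etree.ElementTree as ET


def _named(parent, tag, name):
    """Direct children of `parent` with the given tag and name attribute."""
    return [el for el in parent.findall(tag) if el.get("name") == name]


def audit_dih_handlers(solrconfig_xml: str):
    """Return (handler name, finding) for each DIH handler not locked down.

    A handler passes only if an "invariants" list pins "dataConfig" to an
    empty string; values under "defaults" can be overridden by a request.
    """
    findings = []
    root = ET.fromstring(solrconfig_xml)
    for handler in root.iter("requestHandler"):
        if not handler.get("class", "").endswith("DataImportHandler"):
            continue
        name = handler.get("name", "(unnamed)")
        pinned = [s for inv in _named(handler, "lst", "invariants")
                  for s in _named(inv, "str", "dataConfig")]
        if pinned and all(not (s.text or "").strip() for s in pinned):
            continue  # locked down as the advisory describes
        if pinned:
            findings.append((name, "dataConfig invariant is not empty"))
        elif any(_named(lst, "str", "dataConfig")
                 for lst in _named(handler, "lst", "defaults")):
            findings.append((name, "dataConfig set under defaults, not invariants"))
        else:
            findings.append((name, "no dataConfig invariant"))
    return findings


# Constructed solrconfig.xml fragment; handler names and file names are made up.
SAMPLE_SOLRCONFIG = """
<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <requestHandler name="/dataimport" class="solr.DataImportHandler">
    <lst name="defaults"><str name="config">db-data-config.xml</str></lst>
  </requestHandler>
  <requestHandler name="/dataimport-locked"
                  class="org.apache.solr.handler.dataimport.DataImportHandler">
    <lst name="defaults"><str name="config">db-data-config.xml</str></lst>
    <lst name="invariants"><str name="dataConfig"></str></lst>
  </requestHandler>
  <requestHandler name="/dataimport-defaults" class="solr.DataImportHandler">
    <lst name="defaults">
      <str name="config">db-data-config.xml</str>
      <str name="dataConfig"></str>
    </lst>
  </requestHandler>
</config>
"""

if __name__ == "__main__":
    for handler_name, finding in audit_dih_handlers(SAMPLE_SOLRCONFIG):
        print(handler_name, "->", finding)
```
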

Credit: Michael Stepankin (JPMorgan Chase)

References:

https://issues.apache.org/jira/browse/SOLR-13669

https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity

26 July 2019, Apache Solr™ 8.2.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 8.2.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.2.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/8_2_0/changes/Changes.html

Solr 8.2.0 Release Highlights

New features

Add an update param failOnVersionConflicts=false so that updates do not fail when there is a version conflict

Add facet2D Streaming Expression.

Preferred replicas on nodes with same system properties as the query master

OpenTracing support for Solr

Raw index data analysis tool (extension of COLSTATUS collection command).

Add recNum Stream Evaluator.

Allow zplot to visualize 2D clusters and convex hulls.

Add a field type for Estonian language to default managed_schema, document about Estonian language analysis in Solr Ref Guide

Bug Fixes

Intermittent 401's for internode requests with basicauth enabled.

In 8.1, Atomic Updates were broken (NPE) when the schema declared the new nest_path field even if you weren't using nested docs. In-place updates were not affected (worked)

Fix atomic update encoding issue for UUID, enum, bool, and binary fields.

Impossible to delete a collection with the same name as an existing alias. This also fixes a bug in REINDEXCOLLECTION when used with removeSource=true which could lead to data loss.

Solr 8.2.0 also includes many other new features as well as numerous optimizations and bugfixes of the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_2_0/changes/Changes.html

4 June 2019, Apache Solr™ 7.7.2 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.7.2.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.7.2 is available for immediate download at:

https://solr.apache.org/downloads.html

Solr 7.7.2 Release Highlights:

High CPU usage in Solr due to Java 8 bug (SOLR-13349)

Multiplicative query boost in certain conditions not applied (SOLR-13126)

InPlace update sometimes fail if schema has a required field (SOLR-11876)

Admin UI inaccessible with RuleBasedAuthorizationPlugin (SOLR-13344)

MetricsHistoryHandler does not work with BasicAuth (SOLR-12860)

ByteArrayUtf8CharSequence cannot be cast to java.lang.String (SOLR-13285)

Please read CHANGES.txt for a full list of changes:

https://solr.apache.org/7_7_2/changes/Changes.html

Solr 7.7.2 also includes bugfixes in the corresponding Apache Lucene release:

https://lucene.apache.org/core/7_7_2/changes/Changes.html

28 May 2019, Apache Solr™ 8.1.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 8.1.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.1.1 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/8_1_1/changes/Changes.html

Solr 8.1.1 Release Highlights

Fix for a Null Pointer Exception when querying collection through collection alias.

16 May 2019, Apache Solr™ 8.1.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 8.1.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.1.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/8_1_0/changes/Changes.html

Solr 8.1.0 Release Highlights

Partial/Atomic Updates for nested documents. This enables atomic updates for nested documents, without the need to supply the whole nested hierarchy (which would be overwritten if absent).

Category Routed Aliases feature introduced for data driven assignment of documents to collections based on values of a field

JWT Token authentication plugin with OpenID Connect implicit flow login through Admin UI

REINDEXCOLLECTION command for re-indexing of existing collections

Collection RENAME command and support using aliases in most collection admin commands

Read-only mode for SolrCloud collections

Solr 8.1.0 also includes many other new features as well as numerous optimizations and bugfixes of the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_1_0/changes/Changes.html

5 April 2019, Apache Solr™ 6.6.6 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.6.6

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.6.6 is available for immediate download at:

http://archive.apache.org/dist/lucene/solr/6.6.6

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/6_6_6/changes/Changes.html

Solr 6.6.6 Release Highlights:

Fix memory leak (upon collection reload or ZooKeeper session expiry) in ZkIndexSchemaReader.

Fix for Rule-based Authorization skipping authorization if querying node hosts the collection

(CVE-2017-3164) Make it possible to configure a host whitelist for distributed search

14 March 2019, Apache Solr™ 8.0.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 8.0.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 8.0.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/8_0_0/changes/Changes.html

Solr 8.0.0 Release Highlights

Solr now uses HTTP/2 for inter-node communication to attain greater efficiency. Details: Solr is switching from Apache HttpClient to Jetty Client for adding HTTP/2 support. Most frequent inter-communication between nodes like indexing and query are now sent in HTTP/2. HTTP/1.1 practically allows only one outstanding request per TCP connection; this means that for sending multiple requests at the same time multiple TCP connections must be established. This leads to waste of resources on both sides and long GC pauses. Solr 8 with HTTP/2 support overcomes that problem by allowing multiple requests to be sent in parallel over the same TCP connection.

Nested documents (AKA child documents or block join) is significantly improved. Most improvements come from storing and leveraging more information about the relationships in the index, like the named relationship between a child and its parent. This information is used by the [child] doc transformer to return children in nested form instead of flat. There is plenty more that can be done with this in the future. Another key improvement is that nested documents can be deleted or replaced in a natural way without orphaning child documents; although care is still needed with delete-by-query.

Being a major release, Solr 8 removes many deprecated APIs, changes various parameter defaults and behavior. Some changes may require a re-index of your content. You are thus encouraged to thoroughly read the "Upgrade Notes" at:

https://solr.apache.org/8_0_0/changes/Changes.html

Solr 8.0 also includes many other new features as well as numerous optimizations and bugfixes of the corresponding Apache Lucene release:

https://lucene.apache.org/core/8_0_0/changes/Changes.html

11 March 2019, Apache Solr Reference Guide 7.7 available¶

The Lucene PMC is pleased to announce that the Solr Reference Guide for 7.7 is now available. This 1,431-page PDF is the definitive guide to using Apache Solr, the search server built on Lucene.

The PDF Guide can be downloaded from: https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.7.pdf. It is also available online at https://solr.apache.org/guide/7_7.

6 March 2019, CVE-2019-0192: Deserialization of untrusted data via jmx.serviceUrl in Apache Solr¶

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:

5.0.0 to 5.5.5

6.0.0 to 6.6.5

Description: The ConfigAPI allows configuring Solr's JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Mitigation: Any of the following are enough to prevent this vulnerability:

Upgrade to Apache Solr 7.0 or later.

Disable the ConfigAPI if not in use, by running Solr with the system property “disable.configEdit=true”

If upgrading or disabling the Config API are not viable options, apply patch in [1] and re-compile Solr.

Ensure your network settings are configured so that only trusted traffic is allowed to ingress/egress your hosts running Solr.

Credit: Michael Stepankin

References:

https://issues.apache.org/jira/browse/SOLR-13301

https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity

1 March 2019, Apache Solr™ 7.7.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.7.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.7.1 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_7_1/changes/Changes.html

Solr 7.7.1 Release Highlights:

Bugfix for ClassCastException when URPs try to read a String field which returns a ByteArrayUtf8CharSequence (a regression in release 7.7.0).

Bugfix: Autoscaling based replica placement was broken out of the box. Solr 7.6 enabled autoscaling based replica placement by default but in the absence of default cluster policies, autoscaling can place more than 1 replica of the same shard on the same node. Also, the maxShardsPerNode and createNodeSet were not respected. For these reasons, this issue reverts the default replica placement policy to the 'legacy' assignment policy that was the default until Solr 7.5.

12 February 2019, CVE-2017-3164: SSRF issue in Apache Solr¶

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache Solr versions from 1.3 to 7.6.0

Description: The "shards" parameter does not have a corresponding whitelist mechanism, so it can request any URL.

Mitigation:

Upgrade to Apache Solr 7.7.0 or later.

Ensure your network settings are configured so that only trusted traffic is allowed to ingress/egress your hosts running Solr.

Credit: dk from Chaitin Tech

References:

https://issues.apache.org/jira/browse/SOLR-12770

https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity

11 February 2019, Apache Solr™ 7.7.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.7.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.7.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_7_0/changes/Changes.html

Solr 7.7.0 Release Highlights:

URI Too Long with large streaming expressions in SolrJ.

A failure while reloading a SolrCore can result in the SolrCore not being closed.

Spellcheck parameters not working in new UI.

New Admin UI Query does not URL-encode the query produced in the URL box.

Rule-based Authorization plugin skips authorization if querying node does not have collection replica.

Solr installer fails on SuSE linux.

Fix incorrect SOLR_SSL_KEYSTORE_TYPE variable in solr start script.

JSON 'terms' Faceting now supports a 'prelim_sort' option to use when initially selecting the top ranking buckets, prior to the final 'sort' option used after refinement.

Add a login page to Admin UI, with initial support for Basic Auth and Kerberos.

New Node-level health check handler at /admin/info/healthcheck and /node/health paths that checks if the node is live, connected to zookeeper and not shutdown.

It is now possible to configure a host whitelist for distributed search.

14 December 2018, Apache Solr™ 7.6.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.6.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.6.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_6_0/changes/Changes.html

Solr 7.6.0 Release Highlights:

Field and FieldType now support a new uninvertible option to control using costly field cache or more efficient docValues.

Collections API has been improved to support adding multiple replicas to a collection shard at a time as well as splitting into multiple sub-shards directly.

Autoscaling's suggestions API now includes rebalance options as well as suggestions to add new replicas for lost replicas.

Several new Stream Evaluators have been added to include: oscillate, convexHull, enclosingDisk, pairSort, log10, percentiles, and pivot for geometric and scientific analysis.

UnifiedHighlighter has been improved to support best/perfect highlighting accuracy and full phrase highlighting.

24 September 2018, Apache Solr™ 7.5.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.5.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.5.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_5_0/changes/Changes.html

Solr 7.5.0 Release Highlights:

Nested/child documents may now be supplied as a field value instead of stand-off. Future releases will leverage this semantic information.

Enhance Autoscaling policy support to equally distribute replicas on the basis of arbitrary properties.

Nodes are now visible inside a view of the Admin UI "Cloud" tab, listing nodes and key metrics.

The status of zookeeper ensemble is now accessible under the Admin UI Cloud tab.

The new Korean morphological analyzer ("nori") has been added to default distribution.

3 July 2018, Apache Solr™ 6.6.5 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.6.5

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.6.5 is available for immediate download at:

http://archive.apache.org/dist/lucene/solr/6.6.5

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/6_6_5/changes/Changes.html

Solr 6.6.5 Release Highlights:

Ability to disable configset upload via -Dconfigset.upload.enabled=false startup parameter

Referral to external resources in various config files now disallowed

27 June 2018, Apache Solr™ 7.4.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.4.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.4.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_4_0/changes/Changes.html

Solr 7.4.0 Release Highlights:

A new 'relatedness()' aggregate function for JSON Faceting to enable building Semantic Knowledge Graphs.

Added the TaggerRequestHandler (AKA SolrTextTagger) for tagging text. It's used as a component of NER/ERD systems including query-understanding.

The "Auto Scaling" feature area has been added to and enhanced a lot.

The "Streaming Expressions" feature area has been added to and enhanced a lot.

Upgraded from Log4j 1.x to 2.x. Solr continues to log via SLF4J.

18 May 2018, Apache Solr™ 6.6.4 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.6.4

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release includes a bug fix since the 6.6.3 release:

Do not allow to use absolute URIs for including other files in solrconfig.xml and schema parsing

The release is available for immediate download at:

https://www.apache.org/dyn/closer.lua/lucene/solr/6.6.4

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/6_6_4/changes/Changes.html

15 May 2018, Apache Solr™ 7.3.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.3.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release includes 9 bug fixes since the 7.3.0 release. Some of the major fixes are:

Upgrade commons-fileupload dependency to 1.3.3 to address CVE-2016-1000031

Deleting replicas sometimes fails and causes the replicas to exist in the down state

A successful restore collection should mark the shard state as active and not buffering

Do not allow to use absolute URIs for including other files in solrconfig.xml and schema parsing

Furthermore, this release includes Apache Lucene 7.3.1 which includes 1 bugfix since the 7.3.0 release.

The release is available for immediate download at:

https://www.apache.org/dyn/closer.lua/lucene/solr/7.3.1

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/7_3_1/changes/Changes.html

8 April 2018, CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter¶

Severity: Major

Vendor: The Apache Software Foundation

Versions Affected:

Solr 1.2 to 6.6.2

Solr 7.0.0 to 7.2.1

Description: The details of this vulnerability were reported to the Apache Security mailing list.

This vulnerability relates to an XML external entity expansion (XXE) in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. See [1] for more details.

Mitigation: Users are advised to upgrade to either Solr 6.6.3 or Solr 7.3.0 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases disable external entities in anonymous XML files passed through this request parameter.

If users are unable to upgrade to Solr 6.6.3 or Solr 7.3.0 then they are advised to disable data import handler in their solrconfig.xml file and restart their Solr instances. Alternatively, if Solr instances are only used locally without access to public internet, the vulnerability cannot be used directly, so it may not be required to update, and instead reverse proxies or Solr client applications should be guarded to not allow end users to inject dataConfig request parameters. Please refer to [2] on how to correctly secure Solr servers.

Credit: 麦 香浓郁

References:

[1] https://issues.apache.org/jira/browse/SOLR-11971

[2] https://cwiki.apache.org/confluence/display/solr/SolrSecurity
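The advisory above asks that reverse proxies and client applications keep end users from injecting dataConfig, and the CVE-2017-3164 advisory earlier on this page concerns a "shards" parameter with no host whitelist. The following added example (not code from the Solr project) shows a request check a proxy could run for both; the allowed host list, function names and sample requests are assumptions constructed for illustration, and it assumes end users never need to pass logical shard names in "shards".

```python
"""Added example: parameter check for requests a proxy forwards to Solr."""
from urllib.parse import parse_qsl, urlsplit

# Assumed Solr nodes that distributed search may contact (constructed names).
ALLOWED_SHARD_HOSTS = {
    "solr1.internal.example:8983",
    "solr2.internal.example:8983",
}


def shard_hosts(shards_value: str):
    """Return the host:port part of every replica URL in a shards value.

    Shards are comma separated; replicas of one shard are separated by "|".
    """
    hosts = []
    for shard in shards_value.split(","):
        for replica in shard.split("|"):
            replica = replica.strip()
            if not replica:
                continue
            if "://" not in replica:
                replica = "//" + replica  # make urlsplit treat the start as a host
            try:
                hosts.append(urlsplit(replica).netloc.lower())
            except ValueError:
                hosts.append(replica)  # unparsable: reported as not allowed
    return hosts


def check_request(url: str, form_body: str = ""):
    """Return the reasons to refuse a request; an empty list means forward it.

    Parameter names are compared after URL decoding, and both the query string
    and an application/x-www-form-urlencoded body are inspected.
    """
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params += parse_qsl(form_body, keep_blank_values=True)
    reasons = []
    for name, value in params:
        if name == "dataConfig":
            reasons.append("dataConfig supplied by client")
        elif name == "shards":
            # Exact match on host:port, so any other form of authority fails closed.
            bad = sorted(set(shard_hosts(value)) - ALLOWED_SHARD_HOSTS)
            if bad:
                reasons.append("shards host not allowed: " + ", ".join(bad))
    return reasons


# Constructed sample requests: (url, form body).
SAMPLE_REQUESTS = [
    ("/solr/core1/select?q=*:*", ""),
    ("/solr/core1/dataimport?command=full-import&dataConfig=%3Cx%2F%3E", ""),
    ("/solr/core1/dataimport", "command=status&%64ataConfig="),
    ("/solr/core1/select?q=a&shards=solr1.internal.example:8983/solr/core1", ""),
    ("/solr/core1/select?q=a&shards=solr1.internal.example:8983/solr/core1"
     "|other.example:80/solr/core1", ""),
]

if __name__ == "__main__":
    for sample_url, sample_body in SAMPLE_REQUESTS:
        print(sample_url, sample_body, "->", check_request(sample_url, sample_body))
```
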

4 April 2018, Apache Solr™ 7.3.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.3.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.3.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_3_0/changes/Changes.html

Solr 7.3.0 Release Highlights:

OpenNLP request processors

Automatic time-based collection creation

Multivalued primitive fields can be used in sorting

SortableTextField allows sorting and faceting on free text

New stream evaluators

Improvements around leader-initiated recovery

New autoscaling features

A Prometheus metrics exporter

Filtering with exclusions on parent and child queries

Filtering with exclusions via a new query parser

Neural network modelling via learning to rank

Solr runs with Java 10

The Apache Solr Reference Guide for 7.3 is also available in PDF form or online.

7 March 2018, Apache Solr™ 6.6.3 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.6.3.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release contains three bugfixes:

Disallow reference to external resources in DataImportHandler's dataConfig request parameter

Allow collections created with legacyCloud=true to be opened if legacyCloud=false

LeaderInitiatedRecoveryThread now retries on UnknownHostException

The release is available for immediate download at:

https://solr.apache.org/mirrors-solr-redir.html

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/6_6_3/changes/Changes.html

15 January 2018, Apache Solr™ 7.2.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.2.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release includes 3 bug fixes since the 7.2.0 release:

Overseer can never process some last messages.

Rename core in solr standalone mode is not persisted.

QueryComponent's rq parameter parsing no longer considers the defType parameter.

Fix NPE in SolrQueryParser when the query terms inside a filter clause reduce to nothing.

Furthermore, this release includes Apache Lucene 7.2.1 which includes 1 bugfix since the 7.2.0 release.

The release is available for immediate download at:

https://www.apache.org/dyn/closer.lua/lucene/solr/7.2.1

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/7_2_1/changes/Changes.html

21 December 2017, Apache Solr™ 7.2.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.2.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.2.0 is available for immediate download at:

https://solr.apache.org/downloads.html

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_2_0/changes/Changes.html

Solr 7.2.0 Release Highlights:

Bi-directional syncing of CDCR clusters is now supported.

The new synonymQueryStyle field type option allows for better scoring when terms at the same position are hyponyms/hypernyms rather than synonyms.

More stream evaluators, including: matrix operations; spline; derivative; regression; normalization; scaling; correlation; markov chains; time series differencing; and triangular and geometric distributions.

The new facet.matches parameter returns facet buckets only for terms that match a regular expression.

New Autoscaling features: the autoscaling/suggestions API end-point; the UTILIZENODE command, which moves replicas according to autoscaling policies and preferences; and the Autoscaling set-property command.

2 November 2017, Apache Solr Reference Guide for 7.1 available¶

The Lucene PMC is pleased to announce that the Solr Reference Guide for 7.1 is now available.

This 1,077-page PDF is the definitive guide to using Apache Solr, the search server built on Lucene.

The PDF Guide can be downloaded from: https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.1.pdf.

It is also available online at https://solr.apache.org/guide/7_1.

26 October 2017, CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Tika¶

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

Solr 5.0.0 to 5.5.4

Solr 6.0.0 to 6.6.1

Solr 7.0.0 to 7.0.1

Description: Apache Solr uses Apache Tika for parsing binary file types such as doc, xls, pdf etc. Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized.

This vulnerability was originally described at http://mail-archives.apache.org/mod_mbox/tika-user/201611.mbox/%3C2125912914.1308916.1478787314903%40mail.yahoo.com%3E

Mitigation: Users are advised to upgrade to either Solr 5.5.5 or Solr 6.6.2 or Solr 7.1.0 releases which have fixed this vulnerability.

Solr 5.5.5 upgrades the jmatio parser to v1.2 and disables the Java deserialisation support to protect against this vulnerability.

Solr 6.6.2 and Solr 7.1.0 have upgraded the bundled Tika to v1.16.

Once upgrade is complete, no other steps are required.

References:

https://issues.apache.org/jira/browse/SOLR-11486

https://issues.apache.org/jira/browse/SOLR-10335

https://cwiki.apache.org/confluence/display/solr/SolrSecurity

24 October 2017, Apache Solr™ 5.5.5 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release contains one bugfix.

This release includes one critical and one important security fix. Details:

Fix for a 0-day exploit (CVE-2017-12629), details: https://s.apache.org/FJDl. RunExecutableListener has been disabled by default (can be enabled by -Dsolr.enableRunExecutableListener=true) and resolving external entities in the XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by default.

Fix for CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr, details: https://s.apache.org/APTY

Furthermore, this release includes Apache Lucene 5.5.5 which includes one security fix since the 5.5.4 release.

The release is available for immediate download at:

https://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/5_5_5/changes/Changes.html

18 October 2017, Apache Solr™ 6.6.2 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.6.2

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Highlights for this Solr release include:

Critical security fix: Fix for a 0-day exploit (CVE-2017-12629), details: https://s.apache.org/FJDl. RunExecutableListener has been disabled by default (can be enabled by -Dsolr.enableRunExecutableListener=true) and resolving external entities in the XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by default.

Fix for a bug where Solr was attempting to load the same core twice (Error message: "Lock held by this virtual machine").

The release is available for immediate download at:

https://www.apache.org/dyn/closer.lua/lucene/solr/6.6.2

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/6_6_2/changes/Changes.html

18 October 2017, Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)¶

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected:

Solr 5.5.0 to 5.5.4

Solr 6.0.0 to 6.6.1

Solr 7.0.0 to 7.0.1

Description: The details of this vulnerability were reported on public mailing lists. See https://s.apache.org/FJDl

The first vulnerability relates to XML external entity expansion in the XML Query Parser which is available, by default, for any query request with parameters defType=xmlparser. This can be exploited to upload malicious data to the /upload request handler. It can also be used as Blind XXE using ftp wrapper in order to read arbitrary local files from the solr server.

The second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

At the time of the above report, this was a 0-day vulnerability with a working exploit affecting the versions of Solr mentioned in the previous section. However, mitigation steps were announced to protect Solr users the same day. See https://solr.apache.org/news.html#12-october-2017-please-secure-your-apache-solr-servers-since-a-zero-day-exploit-has-been-reported-on-a-public-mailing-list

Mitigation: Users are advised to upgrade to either Solr 6.6.2 or Solr 7.1.0 releases both of which address the two vulnerabilities. Once upgrade is complete, no other steps are required.

If users are unable to upgrade to Solr 6.6.2 or Solr 7.1.0 then they are advised to restart their Solr instances with the system parameter -Ddisable.configEdit=true. This will disallow any changes to be made to your configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to your config. Users are also advised to re-map the XML Query Parser to another parser to mitigate the XXE vulnerability. For example, adding the following to the solrconfig.xml file re-maps the xmlparser to the edismax parser:

Credit:

Michael Stepankin (JPMorgan Chase)

Olga Barinova (Gotham Digital Science)

References:

https://issues.apache.org/jira/browse/SOLR-11482

https://issues.apache.org/jira/browse/SOLR-11477

https://cwiki.apache.org/confluence/display/solr/SolrSecurity

17 October 2017, Apache Solr™ 7.1.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.1.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

The release is available for immediate download at:

https://www.apache.org/dyn/closer.lua/lucene/solr/7.1.0

Please read CHANGES.txt for a full list of new features and changes:

https://solr.apache.org/7_1_0/changes/Changes.html

Highlights for this Solr release include:

Critical Security Update: Fix for CVE-2017-12629 which is a working 0-day exploit reported on the public mailing list.

Auto-scaling: Solr can now move replicas automatically when a new node is added or an existing node is removed using the auto scaling policy framework introduced in 7.0

Auto-scaling: The 'autoAddReplicas' feature which was limited to shared file systems is now available for all file systems. It has been ported to use the new autoscaling framework internally.

Auto-scaling: New set-trigger, remove-trigger, set-listener, remove-listener, suspend-trigger, resume-trigger APIs

Auto-scaling: New /autoscaling/history API to show past autoscaling actions and cluster events

New JSON based Query DSL for Solr that extends JSON Request API to also support all query parsers and their nested parameters

JSON Facet API: min/max aggregations are now supported on single-valued date fields

Lucene's Geo3D (surface of sphere & ellipsoid) is now supported on spatial RPT fields by setting spatialContextFactory="Geo3D". Furthermore, this is the first time Solr has out of the box support for polygons

Expanded support for statistical stream evaluators such as various distributions, rank correlations, distances and more.

Multiple other optimizations and bug fixes

You are encouraged to thoroughly read the "Upgrade Notes" at https://solr.apache.org/7_1_0/changes/Changes.html or in the CHANGES.txt file accompanying the release.

Solr 7.1 also includes many other new features as well as numerous optimizations and bugfixes of the corresponding Apache Lucene release.

12 October 2017, Please secure your Apache Solr servers since a zero-day exploit has been reported on a public mailing list¶

Please secure your Solr servers since a zero-day exploit has been reported on a public mailing list. This has been assigned a public CVE (CVE-2017-12629) which we will reference in future communication about resolution and mitigation steps.

Here is what we're recommending and what we're doing now:

Until fixes are available, all Solr users are advised to restart their Solr instances with the system property -Ddisable.configEdit=true. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config. This is sufficient to protect you from this type of attack, but means you cannot use the edit capabilities of the Config API until the other fixes described below are in place. Users are also advised to remap the XML Query Parser to another parser to mitigate the XXE vulnerability. For example, adding the following to the solrconfig.xml file maps the xmlparser to the edismax parser:

A new release of Lucene/Solr was in the vote phase, but we have now pulled it back to be able to address these issues in the upcoming 7.1 release. We will also determine mitigation steps for users on earlier versions, which may include a 6.6.2 release for users still on 6.x.

The RunExecutableListener will be removed in 7.1. It was previously used by Solr for index replication but has been replaced and is no longer needed.

The XML Parser will be fixed and the fixes will be included in the 7.1 release.

The 7.1 release was already slated to include a change to disable the stream.body parameter by default, which will further help protect systems.
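
The mitigations named in this notice and in the 18 October 2017 advisory (the -Ddisable.configEdit=true system property and the xmlparser re-map), checked offline against a node's settings. This is an added example, not code from the Solr project: the function names, the finding labels and both sample configs are constructed for illustration, and the config overlay is assumed to be a JSON file in which registered components carry a "class" key.

```python
"""Offline audit of a Solr node against the CVE-2017-12629 mitigations."""
import json
import xml.etree.ElementTree as ET

# Affected ranges (inclusive) as listed in the 18 October 2017 advisory.
AFFECTED = [((5, 5, 0), (5, 5, 4)), ((6, 0, 0), (6, 6, 1)), ((7, 0, 0), (7, 0, 1))]

# Constructed sample: legacy replication listener, xmlparser left at its default.
WEAK_CONFIG = """
<config>
  <luceneMatchVersion>6.6.1</luceneMatchVersion>
  <updateHandler class="solr.DirectUpdateHandler2">
    <listener event="postCommit" class="solr.RunExecutableListener">
      <str name="exe">snapshooter</str>
    </listener>
  </updateHandler>
</config>
"""

# Constructed sample: listener removed, xmlparser re-mapped to the edismax parser.
HARDENED_CONFIG = """
<config>
  <luceneMatchVersion>6.6.1</luceneMatchVersion>
  <updateHandler class="solr.DirectUpdateHandler2"/>
  <queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin"/>
</config>
"""

# Constructed sample overlay; the layout is an assumption, so the walker
# below looks for "class" values at any depth instead of a fixed path.
OVERLAY = json.dumps({"listener": {"legacy-snapshot": {
    "event": "postCommit", "class": "solr.RunExecutableListener"}}})


def parse_version(text):
    """'6.6.1' -> (6, 6, 1); '7.0' -> (7, 0, 0); a '-SNAPSHOT' suffix is ignored."""
    parts = [int(p) for p in text.strip().split("-")[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def is_affected(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def short_name(cls):
    """'solr.Foo' and 'org.apache.solr.core.Foo' both map to 'Foo'."""
    return (cls or "").rsplit(".", 1)[-1]


def audit_solrconfig(xml_text):
    """Return (events with a RunExecutableListener, whether xmlparser is re-mapped)."""
    root = ET.fromstring(xml_text.strip())
    events = [el.get("event", "?") for el in root.iter("listener")
              if short_name(el.get("class")) == "RunExecutableListener"]
    parser_class = None
    for el in root.iter("queryParser"):
        if el.get("name") == "xmlparser":
            parser_class = el.get("class")
    # Mapping the name back onto the XML parser plugin itself is not a mitigation.
    remapped = parser_class is not None and short_name(parser_class) != "XmlQParserPlugin"
    return events, remapped


def overlay_classes(node):
    """Yield every string stored under a 'class' key anywhere in the overlay."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "class" and isinstance(value, str):
                yield value
            else:
                yield from overlay_classes(value)
    elif isinstance(node, list):
        for item in node:
            yield from overlay_classes(item)


def audit(version, jvm_args, solrconfig_xml, overlay_json="{}"):
    """Return a list of 'label: message' findings; an empty list means nothing to fix."""
    findings = []
    events, remapped = audit_solrconfig(solrconfig_xml)
    if is_affected(version):
        findings.append("version: %s is affected, upgrade to a fixed release "
                        "(5.5.5, 6.6.2 or 7.1.0)" % version)
        if "-Ddisable.configEdit=true" not in jvm_args:
            findings.append("config-api: start Solr with -Ddisable.configEdit=true")
        if not remapped:
            findings.append("xmlparser: re-map xmlparser to another parser in solrconfig.xml")
    if "-Dsolr.enableRunExecutableListener=true" in jvm_args:
        findings.append("listener-flag: RunExecutableListener has been re-enabled")
    for event in events:
        findings.append("listener: solrconfig.xml runs RunExecutableListener on %s" % event)
    overlay = json.loads(overlay_json)
    if any(short_name(c) == "RunExecutableListener" for c in overlay_classes(overlay)):
        findings.append("overlay: config overlay registers a RunExecutableListener")
    return findings


if __name__ == "__main__":
    for finding in audit("6.6.1", [], WEAK_CONFIG, OVERLAY):
        print(finding)
```
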

6 October 2017, Apache Solr™ 7.0.1 available¶

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.0.1 is available for immediate download at: https://solr.apache.org/downloads.html

This release includes 2 bug fixes since the 7.0.0 release:

Solr 7.0 cannot read indexes from 6.x versions.

Message "Lock held by this virtual machine" during startup. Solr is trying to start some cores twice.

Furthermore, this release includes Apache Lucene 7.0.1 which includes 1 bugfix since the 7.0.0 release.

The release is available for immediate download at:

https://www.apache.org/dyn/closer.lua/lucene/solr/7.0.1

Please read CHANGES.txt for a detailed list of changes:

https://solr.apache.org/7_0_1/changes/Changes.html

2 October 2017, Apache Solr Reference Guide for 7.0 available¶

The Lucene PMC is pleased to announce the release of the Apache Solr Reference Guide for Solr 7.0.

This 1,035-page PDF is the definitive guide to Solr. This version adds documentation for new features of Solr, plus detailed information about changes and deprecations you should know about when upgrading from Solr 6.x to Solr 7.0.

You can download the PDF from: https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.0.pdf.

An HTML version is also available from: https://solr.apache.org/guide/7_0/.

20 September 2017, Apache Solr™ 7.0.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 7.0.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 7.0.0 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights for this Solr release include:

Replica Types - Solr 7 supports different replica types, which handle updates differently. In addition to pure NRT operation where all replicas build an index and keep a replication log, you can now also add so called PULL replicas, achieving the read-speed optimized benefits of a master/slave setup while at the same time keeping index redundancy.

Auto-scaling. Solr can now allocate new replicas to nodes using a new auto scaling policy framework. This framework will in future releases enable Solr to move shards around based on load, disk etc.

Indented JSON is now the default response format for all APIs, pass wt=xml and/or indent=off to use the previous unindented XML format.

The JSON Facet API now supports two-phase facet refinement to ensure accurate counts and statistics for facet buckets returned in distributed mode.

Streaming Expressions adds a new statistical programming syntax for the statistical analysis of sql queries, random samples, time series and graph result sets.

Analytics Component version 2.0, which now supports distributed collections, expressions over multivalued fields, a new JSON request language, and more.

The new v2 API, exposed at /api/ and also supported via SolrJ, is now the preferred API, but /solr/ continues to work.

A new '_default' configset is used if no config is specified at collection creation. The data-driven functionality of this configset indexes strings as analyzed text while at the same time copying to a '*_str' field suitable for faceting.

Solr 7 is tested with and verified to support Java 9.

See the Solr CHANGES.txt files included with the release for a full list of details.

18 September 2017, CVE-2017-9803: Security vulnerability in kerberos delegation token functionality¶

CVE-2017-9803: Security vulnerability in kerberos delegation token functionality

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Solr 6.2.0 to 6.6.0

Description:

Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider):

Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster.

The vulnerability is fixed from Solr 6.6.1 onwards.

Mitigation: 6.x users should upgrade to 6.6.1

Credit: This issue was discovered by Hrishikesh Gadre of Cloudera Inc.

References:

https://issues.apache.org/jira/browse/SOLR-11184

https://cwiki.apache.org/confluence/display/solr/SolrSecurity

7 September 2017, Apache Solr™ 6.6.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.6.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.6.1 is available for immediate download at: https://solr.apache.org/downloads.html

This release includes 15 bug fixes since the 6.6.0 release. Some of the major fixes are:

Standalone Solr loads UNLOADed core on request

ParallelStream should set the StreamContext when constructing SolrStreams

CloudSolrStream.toExpression incorrectly handles fq clauses

CoreContainer.load needs to send lazily loaded core descriptors to the proper list rather than send them all to the transient lists

Creating a core should write a core.properties file first and clean up on failure

Clean up a few details left over from pluggable transient core and untangling

Provide a way to know when Core Discovery is finished and when all async cores are done loading

CDCR bootstrapping can get into an infinite loop when a core is reloaded

SolrJmxReporter is broken on core reload. This resulted in some or most metrics not being reported via JMX after core reloads, depending on timing

Creating a core.properties fails if the parent of core.properties is a symlinked directory

StreamHandler should allow connections to be closed early

Certain admin UI pages would not load up correctly with kerberos enabled

Fix DOWNNODE -> queue-work znode explosion in ZooKeeper

Upgrade to Hadoop 2.7.4 to fix incompatibility with Java 9

Fix bin/solr.cmd so it can run properly on Java 9

Furthermore, this release includes Apache Lucene 6.6.1 which includes 2 bug fixes since the 6.6.0 release.

See the Solr CHANGES.txt files included with the release for a full list of details.

7 July 2017, CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr¶

CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

Solr 5.3 to 5.5.4

Solr 6.0 to 6.5.1

Description: Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.

Mitigation:

6.x users should upgrade to 6.6.0 or higher

5.x users should obtain the latest source from git and apply this patch: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/2f5ecbcf

Credit: This issue was discovered by Noble Paul of Lucidworks Inc.

References:

https://issues.apache.org/jira/browse/SOLR-10624

https://cwiki.apache.org/confluence/display/solr/SolrSecurity

6 June 2017, Apache Solr™ 6.6.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.6.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.6.0 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights of this Solr release include:

Payload support with payload() value source and {!payload_score} and {!payload_check} query parsers

Solr support for SimpleTextCodec

Multi-field support to TermsComponent when requesting terms' statistics

New AtomicUpdateProcessor to convert normal update operations to atomic update operations

UPLOAD command (Config Set API) for uploading zipped configsets

MOVEREPLICA command (Collections API) for moving a replica across nodes

LISTALIASES command (Collections API) to return a list of all collection aliases

STATUS command (Core Admin API) to emit collection details of each core

Basic authentication can be enabled/disabled using bin/solr|bin/solr.cmd

Solr default/example uses WordDelimiterGraphFilterFactory and SynonymGraphFilterFactory

Expose cache statistics using metrics API

CloudSolrClient can now be initialized using the base URL of a Solr instance instead of ZooKeeper hosts

Grouping, CollapseQParser and ExpandComponent support with PointFields

Variance and Standard Deviation aggregators for the JSON Facet API

JSON Faceting now supports a query time 'join' domain change option

CartesianProductStream, which turns a single tuple with a multi-valued field into N tuples, one for each value in the multi-valued field

New Streaming Evaluators: Basic math, UUID, Date/time, correlation, regress, predict, covariance, convolution, normalize

New Streaming Expressions: shuffle, echo, eval, timeseries, let, get, tuple

See the Solr CHANGES.txt files included with the release for a full list of details.

27 April 2017, Apache Solr™ 6.5.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.5.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.5.1 is available for immediate download at: https://solr.apache.org/downloads.html

This release includes 11 bug fixes since the 6.5.0 release. Some of the major fixes are:

bin\solr.cmd delete and healthcheck now works again; fixed continuation chars ^

Fix debug related NullPointerException in solr/contrib/ltr OriginalScoreFeature class.

The JSON output of /admin/metrics is fixed to write the container as a map (SimpleOrderedMap) instead of an array (NamedList).

On 'downnode', lots of wasteful mutations are done to ZK.

Fix params persistence for solr/contrib/ltr (MinMax|Standard)Normalizer classes.

The fetch() streaming expression wouldn't work if a value included query syntax chars (like :+-). Fixed, and enhanced the generated query to not pollute the queryCache.

Disable graph query production via schema configuration. This fixes broken queries for ShingleFilter-containing query-time analyzers when request param sow=false.

Fix indexed="false" on numeric PointFields

SQL AVG function mis-interprets field type.

SQL interface does not use client cache.

edismax with sow=false fails to create dismax-per-term queries when any field is boosted.

Furthermore, this release includes Apache Lucene 6.5.1 which includes 3 bug fixes since the 6.5.0 release.

See the Solr CHANGES.txt files included with the release for a full list of details.

27 March 2017, Apache Solr™ 6.5.0 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.5.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.5.0 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights of this Solr release include:

PointFields (fixed-width multi-dimensional numeric & binary types enabling fast range search) are now supported

In-place updates to numeric docValues fields (single valued, non-stored, non-indexed) supported using atomic update syntax

A new LatLonPointSpatialField that uses points or doc values for query

It is now possible to declare a field as "large" in order to bypass the document cache

New sow=false request param (split-on-whitespace) for edismax & standard query parsers enables query-time multi-term synonyms

XML QueryParser (defType=xmlparser) now supports span queries

hl.maxAnalyzedChars now have consistent default across highlighters

UnifiedSolrHighlighter and PostingsSolrHighlighter now support CustomSeparatorBreakIterator

Scoring formula is adjusted for the scoreNodes function

Calcite Planner now applies constant Reduction Rules to optimize plans

A new significantTerms Streaming Expression that is able to extract the significant terms in an index

StreamHandler is now able to use runtimeLib jars

Arithmetic operations are added to the SelectStream

Added modernized self-documenting /v2 API

The .system collection is now created on first request if it does not exist

Admin UI: Added shard deletion button

Metrics API now supports non-numeric metrics (version, disk type, component state, system properties...)

The disk free and aggregated disk free metrics are now reported

The DirectUpdateHandler2 now implements MetricsProducer and exposes stats via the metrics api and configured reporters.

BlockCache is faster due to less failures when caching a new block

MMapDirectoryFactory now supports "preload" option to ask mapped pages to be loaded into physical memory on init

Security: BasicAuthPlugin now supports standalone mode

Arbitrary java system properties can be passed to zkcli

SolrHttpClientBuilder can be configured via java system property

Javadocs and Changes.html are no longer included in the binary distribution, but are hosted online

See the Solr CHANGES.txt files included with the release for a full list of details.

7 March 2017, Apache Solr™ 6.4.2 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.4.2.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.4.2 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights of this Solr release include:

Fixed: Serious performance degradation in Solr 6.4 due to the metrics collection. IndexWriter metrics collection turned off by default, directory level metrics collection completely removed (until a better design is found)

Fixed: Transaction log replay can hit a NullPointerException due to new Metrics code

Fixed: NullPointerException in CloudSolrClient when reading stale alias

Fixed: UnifiedHighlighter and PostingsHighlighter bug in PrefixQuery and TermRangeQuery for multi-byte text

See the Solr CHANGES.txt files included with the release for a full list of details.

17 February 2017, Apache Solr Reference Guide for 6.4 Available¶

The Lucene PMC is pleased to announce that the Solr Reference Guide for Solr 6.4 has been released.

This 763-page PDF is the definitive guide to using Apache Solr. It can be downloaded from:

https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-6.4.pdf

15 February 2017, Apache Solr™ 5.5.4 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.5.4.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.5.4 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights of this Solr release include:

Better validation of filename params in ReplicationHandler

Upgraded commons-fileupload to 1.3.2, fixing a potential vulnerability CVE-2016-3092

See the Solr CHANGES.txt files included with the release for a full list of details.

15 February 2017, CVE-2017-3163: Apache Solr ReplicationHandler path traversal attack¶

CVE-2017-3163: Apache Solr ReplicationHandler path traversal attack

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Solr 1.4 to 6.4.0

Description: When using the Index Replication feature, Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

Mitigation:

6.x users should upgrade to 6.4.1

5.x users should upgrade to 5.5.4

4.x, 3.x and 1.4 users should upgrade to a supported version of Solr or setup proper firewalling, or disable the ReplicationHandler if not in use.

Credit: This issue was discovered by Hrishikesh Gadre of Cloudera Inc.

References:

https://issues.apache.org/jira/browse/SOLR-10031

https://cwiki.apache.org/confluence/display/solr/SolrSecurity

6 February 2017, Apache Solr™ 6.4.1 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.4.1.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.4.1 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights of this Solr release include:

"Plugin/Stats" section of the UI doesn't display empty metric types

SOLR_SSL_OPTS was mistakenly overwritten in solr.cmd

Better validation of filename params in ReplicationHandler

Core swapping did not work with new metrics changes in place

Admin UI could not find DataImport handlers due to metrics changes

AnalyzingInfixSuggester/BlendedInfixSuggester now work with core reload

See the Solr CHANGES.txt files included with the release for a full list of details.

23 January 2017, Apache Solr™ 6.4.0 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.4.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.4.0 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights of this Solr release include:

Streaming:

Addition of a HavingStream to Streaming API and Streaming Expressions

Addition of a priority Streaming Expression

Streaming expressions now support collection aliases

Machine Learning:

Configurable Learning-To-Rank (LTR) support: upload feature definitions, extract feature values, upload your own machine learnt models and use them to rerank search results.

Faceting:

Added "param" query type to facet domain filter specification to obtain filters via query parameters

Any facet command can be filtered using a new parameter filter. Example: { type:terms, field:category, filter:"user:yonik" }

Scripts / Command line:

A new command-line tool to manage the snapshots functionality

bin/solr and bin/solr.cmd now use mkroot command

SolrCloud / SolrJ

LukeResponse now supports dynamic fields

Solrj client now supports hierarchical clusters and other topics marker

Collection backup/restore are extensible.

Security:

Support Secure Impersonation / Proxy User for Solr authentication

Key Store type can be specified in solr.in.sh file for SSL

New generic authentication plugins: 'HadoopAuthPlugin' and 'ConfigurableInternodeAuthHadoopPlugin' that delegate all functionality to Hadoop authentication framework

Query / QueryParser / Highlighting:

A new highlighter: The Unified Highlighter. Try it via hl.method=unified; many popular highlighting parameters / features are supported. It's the highest performing highlighter, especially for large documents. Highlighting phrase queries and exotic queries are supported equally as well as the Original Highlighter (aka the default/standard one). Please use this new highlighter and report issues since it will likely become the default one day.

Leading wildcards in the complexphrase query parser are now accepted and optimized with the ReversedWildcardFilterFactory when it's provided

Metrics:

Use metrics-jvm library to instrument jvm internals such as GC, memory usage and others.

A lot of metrics have been added to the collection: index merges, index store I/Os, query, update, core admin, core load thread pools, shard replication, tlog replay and replicas

A new /admin/metrics API to return all metrics collected by Solr via API.

Misc changes:

The new config parameter 'maxRamMB' can now limit the memory consumed by the FastLRUCache

A new document processor 'SkipExistingDocumentsProcessor' that skips duplicate inserts and ignores updates to missing docs

FieldCache information fetched via the mbeans handler or seen via the UI now displays the total size used.

A new config flag 'enable' allows any cache to be enabled or disabled

Please note, this release cannot be built from source with Java 8 update 121, use an earlier version instead! This is caused by a bug introduced into the Javadocs tool shipped with that update. The workaround was too late for this Lucene release. Of course, you can use the binary artifacts.

See the Solr CHANGES.txt files included with the release for a full list of details.

16 November 2016, Apache Solr Reference Guide for 6.3 Available¶

The Lucene PMC is pleased to announce that the Solr Reference Guide for Solr 6.3 has been released.

This 736-page PDF is the definitive guide to using Apache Solr. It can be downloaded from:

https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-6.3.pdf

8 November 2016, Apache Solr™ 6.3.0 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.3.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.3.0 is available for immediate download at: https://solr.apache.org/downloads.html

Highlights of this Solr release include:

DocValues, streaming, /export, machine learning

Optimize, store and deploy AI models in Solr

Ability to add custom streaming expressions

New streaming expressions such as "fetch", "executor", and "commit" added.

Parallel SQL accepts , =, etc., symbols.

Support facet scoring with the scoreNodes expression

Retrieving docValues as stored values was sped up by using the proper leaf reader rather than ask for a global view. In extreme cases, this leads to a 100x speedup.

Faceting:

facet.method=enum can bypass exact counts calculation with facet.exists=true; it just returns 1 for terms which exist in the result docset

Add "overrequest" parameter to JSON Facet API to control amount of overrequest on a distributed terms facet

Logging:

You can now set Solr's log level through environment variable SOLR_LOG_LEVEL

GC logs are rotated by JVM to a max of 9 files, and backed up via bin/solr scripts

Solr's logging verbosity at the INFO level has been greatly reduced by moving much logging to DEBUG level

The solr-8983-console.log file now only logs STDOUT and STDERR output, not all log4j logs as before

Solr's main log file, solr.log, is now written to SOLR_LOGS_DIR without changing log4j.properties

Start scripts:

Allow 180 seconds for shutdown before killing solr (configurable, old limit 5s) (Unix only)

Start scripts now exit with an informative message if using the wrong Java version

Fixed "bin/solr.cmd zk upconfig" command which was broken on windows

You can now ask for DEBUG logging simply with '-v' option, and for WARN logging with '-q' option

SolrCloud:

The DELETEREPLICA API can accept a 'count' parameter and remove "count" number of replicas from each shard if the shard name is not provided

The config API shows expanded useParams for request handlers inline

Ability to create/delete/list snapshots at collection level

The modify collection API now waits for the modified properties to show up in the cluster state before returning

Many bug fixes related to SolrCloud recovery for data safety and faster recovery times.

Security:

SolrJ now supports Kerberos delegation tokens

Pooled SSL connections were not being re-used. This is now fixed.

Fix for the blockUnknown property which made inter-node communication impossible

Support SOLR_AUTHENTICATION_OPTS and SOLR_AUTHENTICATION_CLIENT_CONFIGURER in windows bin/solr.cmd script

New parameter -u in bin/post to pass basicauth credentials

Misc changes:

Optimizations to lower memory allocations when indexing JSON as well as for replication between solr cloud nodes.

A new Excel workbook (.xlsx) response writer has been added. Use 'wt=xlsx' request parameter on a query request to enable.

See the Solr CHANGES.txt files included with the release for a full list of details.

20 September 2016, Apache Solr™ 6.2.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.2.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release includes 11 bug fixes since the 6.2.0 release. Some of the major fixes are:

SOLR-9490: BoolField always returning false for non-DV fields when javabin involved (via solrj, or intra node communication)

SOLR-9188: BlockUnknown property makes inter-node communication impossible

SOLR-9389: HDFS Transaction logs stay open for writes which leaks Xceivers

SOLR-9438: Shard split can fail to write commit data on shutdown leading to data loss

Furthermore, this release includes Apache Lucene 6.2.1 which includes 3 bug fixes since the 6.2.0 release.

The release is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/6.2.1

See the CHANGES.txt file included with the release for a detailed list of changes.

13 September 2016, Apache Solr Reference Guide for 6.2 available¶

The Lucene PMC is pleased to announce that the Solr Reference Guide for Solr 6.2 has been released.

This 717-page PDF is the definitive guide to using Apache Solr. It can be downloaded from:

https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-6.2.pdf

9 September 2016, Apache Solr 5.5.3 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.5.3

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release includes 5 bug fixes since the 5.5.2 release.

This release specially contains 2 critical fixes:

The number of TCP connections in CLOSE_WAIT state does not spike during indexing

PeerSync no longer fails on a node restart due to IndexFingerPrint mismatch.

The release is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/5.5.3

See the CHANGES.txt file included with the release for a detailed list of changes.

25 August 2016, Apache Solr 6.2.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.2.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.2.0 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 6.2 Release Highlights:

DocValues, streaming, /export, machine learning

DocValues can now be used with BoolFields

Date and boolean support added to /export handler

Add "scoreNodes" streaming graph expression

Support parallel ETL with the "topic" expression

Feature selection and logistic regression on text via new streaming expressions: "features" and "train"

bin/solr script

Add basic auth support to the bin/solr script

File operations to/from Zookeeper are now supported

SolrCloud

New tag 'role' in replica placement rules, e.g. rule=role:!overseer keeps new replicas off overseer nodes

CDCR: fall back to whole-index replication when tlogs are insufficient

New REPLACENODE command to decommission an existing node and replace it with another new node

New DELETENODE command to delete all replicas on a node

Security

Add Kerberos delegation token support

Support secure impersonation / proxy user for Kerberos authentication

Misc changes

A large number of regressions were fixed in the new Admin UI

New boolean comparison function queries comparing numeric arguments: gt, gte, lt, lte, eq

Upgraded Extraction module to Apache Tika 1.13.

Updated to Hadoop 2.7.2

See the CHANGES.txt file included with the release for a detailed list of changes.

25 June 2016, Apache Solr 5.5.2 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.5.2

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release includes 38 bug fixes, documentation updates, etc., since the 5.5.1 release.

The release is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/5.5.2

See the CHANGES.txt file included with the release for a detailed list of changes.

17 June 2016, Apache Solr 6.1.0 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.1.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search and analytics, rich document parsing, geospatial search, extensive REST APIs as well as parallel SQL. Solr is enterprise grade, secure and highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.1.0 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 6.1 Release Highlights:

Added graph traversal support, and new "sort" and "random" streaming expressions. It's also now possible to create streaming expressions with the Solr Admin UI.

Fixed the ENUM faceting method to not be unnecessarily rewritten to FCS, which was causing slowdowns.

Reduced garbage creation when creating cache entries.

New [subquery] document transformer to obtain related documents per result doc.

EmbeddedSolrServer allocates heap much more wisely even with plain document list without callbacks.

New GeoJSON response writer for encoding geographic data in query responses.

See the CHANGES.txt file included with the release for a detailed list of changes.

28 May 2016, Apache Solr 6.0.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.0.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release includes 31 bug fixes, documentation updates, etc., since the 6.0.0 release.

The release is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/6.0.1

See the CHANGES.txt file included with the release for a detailed list of changes.

5 May 2016, Apache Solr 5.5.1 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.5.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.5.1 is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/5.5.1

This release contains a number of bug fixes for Solr, as well as Lucene.

See the CHANGES.txt file included with the release for a full list of details.

25 April 2016, Solr Reference Guide for 6.0 Available¶

The Lucene PMC is pleased to announce the release of the Solr Reference Guide for 6.0.

The Guide has been extensively updated for Solr 6.0, with new sections on Parallel SQL and Cross Data Center Replication.

The 660 page PDF can be downloaded from https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-6.0.pdf.

8 April 2016, Apache Solr 6.0.0 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 6.0.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 6.0.0 is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt

Solr 6.0 Release Highlights:

Improved defaults for "Similarity" used in Solr, in order to provide better default experience for new users.

Improved "Similarity" defaults for users upgrading: DefaultSimilarityFactory has been removed, implicit default Similarity has been changed to SchemaSimilarityFactory, and SchemaSimilarityFactory has been modified to use BM25Similarity as the default for field types that do not explicitly declare a Similarity.

Deprecated GET methods for schema are now accessible through the bulk API. The output has less details and is not backward compatible.

Users should set useDocValuesAsStored="false" to preserve sort order on multi-valued fields that have both stored="true" and docValues="true".

Formatted date-times are more consistent with ISO-8601. BC dates are now better supported since they are now formatted with a leading '-'. AD years after 9999 have a leading '+'. Parse exceptions have been improved.

Deprecated SolrServer and subclasses have been removed, use SolrClient instead.

The deprecatedconfiguration in solrconfig.xml has been removed. Users must remove it from solrconfig.xml.

SolrClient.shutdown() has been removed, use SolrClient.close() instead.

The deprecated zkCredientialsProvider element in solrcloud section of solr.xml is now removed. Use the correct spelling (zkCredentialsProvider) instead.

Added support for executing Parallel SQL queries across SolrCloud collections. Includes StreamExpression support and a new JDBC Driver for the SQL Interface.

New features and capabilities added to the streaming API.

Added support for SELECT DISTINCT queries to the SQL interface.

New GraphQuery to enable graph traversal as a query operator.

New support for Cross Data Center Replication consisting of active/passive replication for separate SolrClouds hosted in separate data centers.

Filter support added to Real-time get.

Column alias support added to the Parallel SQL Interface.

New command added to switch between non/secure mode in zookeeper.

Now possible to use IP fragments in replica placement rules.

22 February 2016, Apache Solr 5.5.0 and Reference Guide for 5.5 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.5.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.5.0 is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt file included with the release for a full list of details.

This is expected to be the last 5.x feature release before Solr 6.0.

Release Highlights:

The schema version has been increased to 1.6, and Solr now returns non-stored doc values fields along with stored fields

The PERSIST CoreAdmin action has been removed

The mergePolicy element is deprecated in favor of a similar mergePolicyFactory element, in solrconfig.xml

CheckIndex now works on HdfsDirectory

RuleBasedAuthorizationPlugin now allows wildcards in the role, and accepts an 'all' permission

Users can now choose compression mode in SchemaCodecFactory

Solr now supports Lucene's XMLQueryParser

Collections APIs now have async support

Uninverted field faceting is re-enabled, for higher performance on rarely changing indices

Also available is the Solr Reference Guide for Solr 5.5. This PDF serves as the definitive user's manual for Solr 5.5. It can be downloaded from the Apache mirror network: https://s.apache.org/Solr-Ref-Guide-PDF

8 February 2016, Apache Lucene/Solr development moves to GIT¶

As of January 23rd 2016, Lucene/Solr source code is hosted in Apache's GIT repository. This means that the old SVN repository is now stale and should not be used. For information on working with git, please consult the Solr web site and the wiki.

The GitHub mirror remains at the same location as before, but the contents have changed. We now have one unified repo preserving the full history of both Lucene and Solr. If you had a GitHub fork, you will find that it has changed its "forked from" location, and any Pull Request will go to that other fork instead of to the Lucene developers. The only known solution is to delete your existing fork and re-fork from GitHub.

If you had active code changes and Pull Requests against our old GitHub mirror, please see the wiki for some suggestions on how to proceed.

The PMC is happy to answer any question you may have regarding this change.

23 January 2016, Apache Solr 5.3.2 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.3.2

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.3.2 is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/5.3.2

This release contains a number of bug fixes for Solr, as well as Lucene.

See the CHANGES.txt file included with the release for a full list of details.

23 January 2016, Apache Solr 5.4.1 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.4.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.4.1 is available for immediate download at: https://solr.apache.org/downloads.html

This release especially contains a fix for a faceting bug that could cause facet counts to include deleted documents and a fix for a corruption bug that was introduced in version 5.4.0. If you are on 5.4.0 and using BINARY, SORTED_NUMERIC or SORTED_SET doc values, upgrading to 5.4.1 is strongly recommended.

See the CHANGES.txt file included with the release for a full list of details.

15 December 2015, Apache Solr Reference Guide for 5.4 Available¶

Hot on the heels of the Solr 5.4.0 release (see below), the Lucene PMC is pleased to announce the release of the Apache Solr Reference Guide for Solr 5.4.

This 598 page PDF file can be downloaded from https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/.

14 December 2015, Apache Solr 5.4.0 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.4.0

The release can be downloaded from https://solr.apache.org/downloads.html

Highlights of this Solr release include:

UI Changes

The rearchitected Admin UI is now prominently linked to from the existing UI, and includes support for managing collections as well as creating and removing fields via the schema tab. Expect it to be default in the next release.

API Features

New Collections APIs for migrating from clusterstate.json to per-collection state.json and forcing the election of a leader when all replicas in a shard are down.

A new configset management API has been added.

Querying Features

Filter cache is now accessible via a solr query syntax.

ScoreJoins can now refer to a single-sharded collection that is replicated on all nodes.

Add boost support, and 'exclude the queried document' in MoreLikeThis QParser.

Add a 'sort' local param to the collapse QParser to support using complex sort options to select the representative doc for each collapsed group.

Other Features

SolrJ now has support for connecting to Solr using basic authentication.

Analyzing suggesters can now filter suggestions by a context field.

JSON Facet API: add "method" param to terms/field facets to give an execution hint for what method should be used to facet.

CloneFieldUpdateProcessorFactory now supports choosing a "dest" field name based on a regex pattern and replacement init options.

Provide pluggable context tool support for VelocityResponseWriter.

24 September 2015, Apache Solr 5.3.1 Available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.3.1

The release can be downloaded from https://solr.apache.org/downloads.html

Highlights of this Solr release include:

Bug Fixes

security.json is not loaded on server start

RuleBasedAuthorization plugin does not work for the collection-admin-edit permission

VelocityResponseWriter template encoding issue. Templates must be UTF-8 encoded

SimplePostTool (also bin/post) -filetypes "*" now works properly in 'web' mode

example/files update-script.js to be Java 7 and 8 compatible.

SolrJ could not make requests to handlers with '/admin/' prefix

Use of timeAllowed can cause incomplete filters to be cached and incorrect results to be returned on subsequent requests

VelocityResponseWriter's $resource.get(key,baseName,locale) to use specified locale.

Resolve XSS issue in Admin UI stats page

24 August 2015, Apache Solr 5.3.0 and Reference Guide for 5.3 available¶

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.3.0 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 5.3 Release Highlights:

In addition to many other improvements in the security framework, Solr now includes an AuthenticationPlugin implementing HTTP Basic Auth that stores credentials securely in ZooKeeper. This is a simple way to require a username and password for anyone accessing Solr’s admin screen or APIs.

In built AuthorizationPlugin that provides fine grained control over implementing ACLs for various resources with permission rules which are stored in ZooKeeper.

The JSON Facet API can now change the domain for facet commands, essentially doing a block join and moving from parents to children, or children to parents before calculating the facet data.

Major improvements in performance of the new Facet Module / JSON Facet API.

Query and Range Facets under Pivot Facets. Just like the JSON Facet API, pivot facets can now nest other facet types such as range and query facets.

More Like This Query Parser options. The MoreLikeThis QParser now supports all options provided by the MLT Handler. The query parser is much more versatile than the handler as it works in cloud mode as well as anywhere a normal query can be specified.

Added Schema API support in SolrJ

Added Scoring mode for query-time join and block join.

Added Smile response format

See the CHANGES.txt file included with the release for a full list of details.

Please report any feedback to the mailing lists

15 June 2015, Apache Solr 5.2.1 available¶

The Lucene PMC is pleased to announce the release of Apache Solr 5.2.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

This release contains various bug fixes and optimizations since the 5.2.0 release. The release is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt file included with the release for a full list of details.

Solr 5.2.1 includes 8 bug fixes and 2 other changes.

Release Highlights:

Fix javascript bug introduced by SOLR-7409 that breaks the dataimport screen in the admin UI

Faceting on a numeric field with a unique() subfacet function on another numeric field can result in incorrect results or an exception

New Facet Module should respect shards.tolerant and process all non-failing shards instead of throwing an exception

A request with a json content type but no body caused a null pointer exception

SolrOutputFormat creates an invalid solr.xml in the solr home zip for MapReduceIndexerTool

Fix new (Angular-based) admin UI Cloud pane

The DefaultSolrHighlighter since 5.0 was determining if payloads were present in a way that was slow, especially when lots of fields were highlighted. It's now fast

Requests are not distributed evenly if the collection isn't present locally

See the CHANGES.txt file included with the release for a full list of changes and further details.

Please report any feedback to the mailing lists

7 June 2015, Apache Solr 5.2.0 and Reference Guide for 5.2 available¶

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.2.0 is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt file included with the release for a full list of details.

Solr 5.2.0 Release Highlights:

Restore API allows restoring a core from an index backup.

JSON Facet API

unique() is now implemented for numeric and date fields

Optional flatter form via a "type" parameter

Added support for "mincount" parameter in range facets to suppress buckets less than that count

Multi-select faceting support for the Facet Module via the "excludeTags" parameter which disregards any matching tagged filters for that facet.

hll() facet function for distributed cardinality via HyperLogLog algorithm. See examples at http://yonik.com/solr-count-distinct/

A new "facet.range.method" parameter to let users choose how to do range faceting between an implementation based on filters (previous algorithm, using "facet.range.method=filter") or DocValues ("facet.range.method=dv")

Rule-based Replica assignment during collection, shard, and replica creation.

Stats component:

New 'cardinality' option for stats.field, uses HyperLogLog to efficiently estimate the cardinality of a field w/bounded RAM. Blog post: https://lucidworks.com/blog/hyperloglog-field-value-cardinality-stats/

stats.field now supports individual local params for 'countDistinct' and 'distinctValues'. 'calcdistinct' is still supported as an alias for both options.

Solr security

Authentication and Authorization frameworks that define interfaces, and mechanisms to create, load, and use authorization/authentication plugins have been added.

A Kerberos authentication plugin which would allow running a Kerberized Solr setup.

Solr Streaming Expressions. See https://cwiki.apache.org/confluence/display/solr/Streaming+Expressions

bin/post (and SimplePostTool in -Dauto=yes mode) now sends rather than skips files without a known content type, as "application/octet-stream", provided it still is in the allowed filetypes setting.

HDFS transaction log replication factor is now configurable

A cluster-wide property can now be added/edited/deleted using the zkcli script and doesn't require a running Solr instance.

New spatial RptWithGeometrySpatialField, based on CompositeSpatialStrategy, which blends RPT indexes for speed with serialized geometry for accuracy. Includes a Lucene segment based in-memory shape cache.

Refactored Admin UI using AngularJS. It isn't the default, but a parallel UI interface in this release.

Solr has internally been upgraded to use Jetty 9.

Solr 5.2.0 also includes many other new features as well as numerous optimizations and bugfixes of the corresponding Apache Lucene release.

Also available is the Solr Reference Guide for Solr 5.2. This 591 page PDF serves as the definitive user's manual for Solr 5.2. It can be downloaded from the Apache mirror network: https://s.apache.org/Solr-Ref-Guide-PDF

22 April 2015, Apache Solr Reference Guide Available

The Lucene PMC is pleased to announce the availability of the Apache Solr Reference Guide for Solr 5.1.

This 578 page PDF serves as the definitive user's manual for Solr. For this version, we've updated the Guide for several new features and changes and given the PDF a bit of a facelift for easier reading.

The Guide can be downloaded from https://www.apache.org/dyn/closer.lua/lucene/solr/ref-guide/apache-solr-ref-guide-5.1.pdf.

14 April 2015, Apache Solr 5.1.0 Available

The Lucene PMC is pleased to announce the release of Apache Solr 5.1.0.

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.1.0 is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/5.1.0

Solr 5.1.0 includes 39 new features, 40 bug fixes, and 36 optimizations/other changes from over 60 unique contributors.

See the CHANGES.txt file included with the release for a full list of details.

5 March 2015, Apache Solr 4.10.4 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.10.4

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.10.4 is available for immediate download at: https://www.apache.org/dyn/closer.lua/lucene/solr/4.10.4

Solr 4.10.4 includes 24 bug fixes as well as Lucene 4.10.4 and its 13 bug fixes.

See the CHANGES.txt file included with the release for a full list of details.

20 February 2015, Apache Solr 5.0.0 and Reference Guide for 5.0 available

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 5.0 is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt file included with the release for a full list of details.

Solr 5.0 Release Highlights:

Usability improvements that include improved bin scripts and new and restructured examples.

Scripts to support installing and running Solr as a service on Linux.

Distributed IDF is now supported and can be enabled via the config. Currently, there are four supported implementations for the same:

LocalStatsCache: Local document stats.
ExactStatsCache: One time use aggregation
ExactSharedStatsCache: Stats shared across requests
LRUStatsCache: Stats shared in an LRU cache across requests

Solr will no longer ship a war file and instead be a downloadable application.

SolrJ now has first class support for Collections API.

Implicit registration of replication, get and admin handlers.

Config API that supports paramsets for easily configuring solr parameters and configuring fields. This API also supports managing of pre-existing request handlers and editing common solrconfig.xml via overlay.

API for managing blobs allows uploading request handler jars and registering them via config API.

BALANCESHARDUNIQUE Collection API that allows for even distribution of custom replica properties.

There's now an option to not shuffle the nodeSet provided during collection creation.

Option to configure bandwidth usage by Replication handler to prevent it from using up all the bandwidth.

Splitting of clusterstate to per-collection enables scalability improvement in SolrCloud. This is also the default format for new Collections that would be created going forward.

timeAllowed is now used to prematurely terminate requests during query expansion and SolrClient request retry.

pivot.facet results can now include nested stats.field results constrained by those pivots.

stats.field can be used to generate stats over the results of arbitrary numeric functions. It also allows for requesting for statistics for pivot facets using tags.

A new DateRangeField has been added for indexing date ranges, especially multi-valued ones.

Spatial fields that used to require units=degrees now take distanceUnits=degrees/kilometers miles instead.

MoreLikeThis query parser allows requesting for documents similar to an existing document and also works in SolrCloud mode.

Logging improvements:

Transaction log replay status is now logged
Optional logging of slow requests.

Solr 5.0 also includes many other new features as well as numerous optimizations and bugfixes of the corresponding Apache Lucene release.

Also available is the Solr Reference Guide for Solr 5.0. This 535 page PDF serves as the definitive user's manual for Solr 5.0. It can be downloaded from the Apache mirror network: https://s.apache.org/Solr-Ref-Guide-PDF

29 December 2014, Apache Solr 4.10.3 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.10.3

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.10.3 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 4.10.3 includes 21 bug fixes, 5 other changes, as well as Lucene 4.10.3 and its 12 bug fixes.

This release fixes the following security vulnerability that has affected Solr since the Solr 4.0 Alpha release.

CVE-2014-3628: Stored XSS vulnerability in Solr Admin UI.

Information disclosure: The Solr Admin UI Plugin / Stats page does not escape data values which allows an attacker to execute javascript by executing a query that will be stored and displayed via the 'fieldvaluecache' object.

See the CHANGES.txt file included with the release for a full list of details, and Happy Holidays!

31 October 2014, Apache Solr 4.10.2 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.10.2

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.10.2 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 4.10.2 includes 10 bug fixes, as well as Lucene 4.10.2 and its 2 bug fixes.

See the CHANGES.txt file included with the release for a full list of details, and Happy Halloween!

29 September 2014, Apache Solr 4.10.1 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.10.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.10.1 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 4.10.1 includes 6 bug fixes, as well as Lucene 4.10.1 and its 7 bug fixes.

See the CHANGES.txt file included with the release for a full list of details.

22 September 2014, Apache Solr 4.9.1 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.9.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.9.1 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 4.9.1 includes 2 bug fixes, as well as Lucene 4.9.1 and its 7 bug fixes.

See the CHANGES.txt file included with the release for a full list of details.

7 September 2014, Apache Solr Ref Guide for 4.10 Available

The Lucene PMC is pleased to announce that there is a new version of the Solr Reference Guide for Solr 4.10.

The 511 page PDF serves as the definitive user's manual for Solr 4.10. It can be downloaded from the Apache mirror network: https://www.apache.org/dyn/closer.lua/lucene/solr/ref-guide/.

3 September 2014, Apache Solr 4.10.0 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.10.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.10.0 is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt file included with the release for a full list of details.

Solr 4.10.0 Release Highlights:

This release upgrades Solr Cell's (contrib/extraction) dependency on Apache POI to mitigate 2 security vulnerabilities.

Scripts for starting, stopping, and running Solr examples

Distributed query support for facet.pivot

Interval Faceting for Doc Values fields

New "terms" QParser for efficiently filtering documents by a list of values

18 August 2014, Recommendation to update Apache POI in Apache Solr 4.8.0, 4.8.1, and 4.9.0 installations

Apache Solr versions 4.8.0, 4.8.1, 4.9.0 bundle Apache POI 3.10-beta2 with its binary release tarball. This version (and all previous ones) of Apache POI are vulnerable to the following issues:

CVE-2014-3529: XML External Entity (XXE) problem in Apache POI's OpenXML parser

Information disclosure: Apache POI uses Java's XML components to parse OpenXML files produced by Microsoft Office products (DOCX, XLSX, PPTX,...). Applications that accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allows remote attackers to bypass security restrictions and read arbitrary files via a crafted OpenXML document that provides an XML external entity declaration in conjunction with an entity reference.

CVE-2014-3574: XML Entity Expansion (XEE) problem in Apache POI's OpenXML parser

Denial of service: Apache POI uses Java's XML components and Apache Xmlbeans to parse OpenXML files produced by Microsoft Office products (DOCX, XLSX, PPTX,...). Applications that accept such files from end-users are vulnerable to XML Entity Expansion (XEE) attacks ("XML bombs"), which allows remote hackers to consume large amounts of CPU resources.

The Apache POI PMC released a bugfix version (3.10.1) today.

Solr users are affected by these issues, if they enable the "Apache Solr Content Extraction Library (Solr Cell)" contrib module from the folder "contrib/extraction" of the release tarball.

Users of Apache Solr are strongly advised to keep the module disabled if they don't use it. Alternatively, users of Apache Solr 4.8.0, 4.8.1, or 4.9.0 can update the affected libraries by replacing the vulnerable JAR files in the distribution folder. Users of previous versions have to update their Solr release first; patching older versions is impossible.

To replace the vulnerable JAR files follow these steps:

Download the Apache POI 3.10.1 binary release.

Unzip the archive.

Delete the following files in your "solr-4.X.X/contrib/extraction/lib" folder:

poi-3.10-beta2.jar
poi-ooxml-3.10-beta2.jar
poi-ooxml-schemas-3.10-beta2.jar
poi-scratchpad-3.10-beta2.jar
xmlbeans-2.3.0.jar

Copy the following files from the base folder of the Apache POI distribution to the "solr-4.X.X/contrib/extraction/lib" folder:

poi-3.10.1-20140818.jar
poi-ooxml-3.10.1-20140818.jar
poi-ooxml-schemas-3.10.1-20140818.jar
poi-scratchpad-3.10.1-20140818.jar

Copy "xmlbeans-2.6.0.jar" from POI's "ooxml-lib/" folder to the "solr-4.X.X/contrib/extraction/lib" folder.

Verify that the "solr-4.X.X/contrib/extraction/lib" no longer contains any files with version number "3.10-beta2".

Verify that the folder contains one xmlbeans JAR file with version 2.6.0.

If you just want to disable extraction of Microsoft Office documents, delete the files above and don't replace them. "Solr Cell" will automatically detect this and disable Microsoft Office document extraction.

Coming versions of Apache Solr will have the updated libraries bundled.
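
The two verification steps above can be scripted. The following is an added example, not part of the Apache advisory: a POSIX shell function that classifies a "contrib/extraction/lib" folder using only the JAR names listed above. The function names and the state labels it prints are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Solr Cell lib folder against the advisory's checklist.
# JAR names are the ones listed in the advisory; function names and state
# labels are hypothetical and exist only in this example.

# count_matches DIR PATTERN: print how many regular files in DIR match PATTERN.
count_matches() {
    cm_n=0
    for cm_f in "$1"/$2; do
        # An unmatched glob stays literal, so test that the file really exists.
        if [ -f "$cm_f" ]; then cm_n=$((cm_n + 1)); fi
    done
    echo "$cm_n"
}

# poi_lib_state DIR: print one of
#   missing     DIR does not exist
#   vulnerable  a 3.10-beta2 JAR or xmlbeans-2.3.0.jar is still present
#   patched     the four POI 3.10.1 JARs plus exactly one xmlbeans JAR (2.6.0)
#   disabled    no POI and no xmlbeans JARs (Office extraction switched off)
#   incomplete  anything else, for example a half-finished copy
poi_lib_state() {
    pl_dir=$1
    if [ ! -d "$pl_dir" ]; then echo "missing"; return 0; fi

    pl_old=$(count_matches "$pl_dir" '*3.10-beta2*.jar')
    pl_oldxb=$(count_matches "$pl_dir" 'xmlbeans-2.3.0.jar')
    if [ "$pl_old" -gt 0 ] || [ "$pl_oldxb" -gt 0 ]; then
        echo "vulnerable"; return 0
    fi

    # Count the four replacement JARs by their exact names.
    pl_new=0
    for pl_name in poi poi-ooxml poi-ooxml-schemas poi-scratchpad; do
        if [ -f "$pl_dir/$pl_name-3.10.1-20140818.jar" ]; then
            pl_new=$((pl_new + 1))
        fi
    done
    pl_poi=$(count_matches "$pl_dir" 'poi-*.jar')      # any POI version
    pl_xb=$(count_matches "$pl_dir" 'xmlbeans-*.jar')  # any xmlbeans version

    if [ "$pl_new" -eq 4 ] && [ "$pl_poi" -eq 4 ] && [ "$pl_xb" -eq 1 ] \
        && [ -f "$pl_dir/xmlbeans-2.6.0.jar" ]; then
        echo "patched"
    elif [ "$pl_poi" -eq 0 ] && [ "$pl_xb" -eq 0 ]; then
        echo "disabled"
    else
        echo "incomplete"
    fi
}

# Stand-alone use: sh check_poi_libs.sh solr-4.X.X/contrib/extraction/lib
if [ "$#" -ge 1 ]; then
    pl_state=$(poi_lib_state "$1")
    echo "$1: $pl_state"
    case $pl_state in
        patched|disabled) ;;
        *) exit 1 ;;
    esac
fi
```

A folder that reports "incomplete" has neither the bundled nor the fixed set in full, so repeat the copy steps before restarting Solr.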

30 June 2014, Apache Solr Ref Guide for 4.9 Available

The Lucene PMC is pleased to announce that there is a new version of the Solr Reference Guide for Solr 4.9.

The 408 page PDF serves as the definitive user's manual for Solr 4.9. It can be downloaded from the Apache mirror network: https://www.apache.org/dyn/closer.lua/lucene/solr/ref-guide/.

25 June 2014, Apache Solr 4.9.0 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.9.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.9.0 is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt file included with the release for a full list of details.

Solr 4.9.0 Release Highlights:

Numerous optimizations for doc values search-time performance

Allow a client application to request the minimum achieved replication factor for an update request (single or batch) by sending an optional parameter "min_rf".

Query re-ranking support with the new ReRankingQParserPlugin.

A new [child ...] DocTransformer for optionally including Block-Join descendant documents inline in the results of a search.

A new (default) Lucene49NormsFormat to better compress certain cases such as very short fields.

20 May 2014, Apache Solr 4.8.1 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.8.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.8.1 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 4.8.1 includes 10 bug fixes, as well as Lucene 4.8.1 and its bug fixes.

See the CHANGES.txt file included with the release for a full list of details.

2 May 2014, Apache Solr Ref Guide for 4.8 Available

The Lucene PMC is pleased to announce that there is a new version of the Solr Reference Guide available for Solr 4.8.

The 396 page PDF serves as the definitive user's manual for Solr 4.8. It can be downloaded from the Apache mirror network: https://www.apache.org/dyn/closer.lua/lucene/solr/ref-guide/

28 April 2014, Apache Solr 4.8.0 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.8.0

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.8.0 is available for immediate download at: https://solr.apache.org/downloads.html

See the CHANGES.txt file included with the release for a full list of details.

Solr 4.8.0 Release Highlights:

Apache Solr now requires Java 7 or greater (recommended is Oracle Java 7 or OpenJDK 7, minimum update 55; earlier versions have known JVM bugs affecting Solr).

Apache Solr is fully compatible with Java 8.

and tags have been deprecated from schema.xml. There is no longer any reason to keep them in the schema file, they may be safely removed. This allows intermixing of , and definitions if desired.

The new {!complexphrase} query parser supports wildcards, ORs etc. inside Phrase Queries.

New Collections API CLUSTERSTATUS action reports the status of collections, shards, and replicas, and also lists collection aliases and cluster properties.

Added managed synonym and stopword filter factories, which enable synonym and stopword lists to be dynamically managed via REST API.

JSON updates now support nested child documents, enabling {!child} and {!parent} block join queries.

Added ExpandComponent to expand results collapsed by the CollapsingQParserPlugin, as well as the parent/child relationship of nested child documents.

Long-running Collections API tasks can now be executed asynchronously; the new REQUESTSTATUS action provides status.

Added a hl.qparser parameter to allow you to define a query parser for hl.q highlight queries.

In Solr single-node mode, cores can now be created using named configsets.

New DocExpirationUpdateProcessorFactory supports computing an expiration date for documents from the "TTL" expression, as well as automatically deleting expired documents on a periodic basis.

Solr 4.8.0 also includes many other new features as well as numerous optimizations and bugfixes of the corresponding Apache Lucene release.

15 April 2014, Apache Solr 4.7.2 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.7.2

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.7.2 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 4.7.2 includes 2 bug fixes, as well as Lucene 4.7.2 and its bug fixes.

See the CHANGES.txt file included with the release for a full list of details.

2 April 2014, Apache Solr 4.7.1 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.7.1

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.7.1 is available for immediate download at: https://solr.apache.org/downloads.html

Solr 4.7.1 includes 28 bug fixes and one new configuration setting, as well as Lucene 4.7.1 and its bug fixes.

See the CHANGES.txt file included with the release for a full list of details.

12 March 2014, Apache Solr 4.8 will require Java 7

The Apache Solr committers decided with a large majority on the vote to require Java 7 for the next minor release of Apache Solr (version 4.8)!

The next release will also contain some improvements for Java 7:

Better file handling (especially on Windows) in the directory implementations. Files can now be deleted on Windows, although the index is still open - like it was always possible on Unix environments (delete on last close semantics).

Speed improvements in sorting comparators: Sorting now uses Java 7's own comparators for integer and long sorts, which are highly optimized by the Hotspot VM.

If you want to stay up-to-date with Lucene and Solr, you should upgrade your infrastructure to Java 7. Please be aware that you must use at least Java 7u1. The recommended version at the moment is Java 7u25. Later versions like 7u40, 7u45,... have a bug causing index corruption. Ideally use the Java 7u60 prerelease, which has fixed this bug. Once 7u60 is out, this will be the recommended version. In addition, there is no more Oracle/BEA JRockit available for Java 7, use the official Oracle Java 7. JRockit was never working correctly with Lucene/Solr (causing index corruption), so this should not be an issue. Please also review our list of JVM bugs: http://wiki.apache.org/lucene-java/JavaBugs

EDIT (as of 15 April 2014): The recently released Java 7u55 fixes the above bug causing index corruption. This version is now the recommended version for running Apache Solr.

5 March 2014, Apache Solr Ref Guide for 4.7 Available

The Lucene PMC is pleased to announce that there is a new version of the Solr Reference Guide available for Solr 4.7.

The 395 page PDF serves as the definitive user's manual for Solr 4.7. It can be downloaded from the Apache mirror network: https://www.apache.org/dyn/closer.lua/lucene/solr/ref-guide/

26 February 2014, Apache Solr 4.7.0 Available

The Lucene PMC is pleased to announce the release of Apache Solr 4.7

Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites.

Solr 4.7 is available for immediate download at: https://solr.apache.org/mirrors-solr-latest-redir.html

See the CHANGES.txt file included with the release for a full list of details.

Solr 4.7 Release Highlights:

A new migrate collection API to split all documents with a route key into another collection.

Added support for tri-level compositeId routing.

Admin UI - Added a new Files conf directory browser/file viewer.

Add a QParserPlugin for Lucene's SimpleQueryParser.

Suggest improvements: a new SuggestComponent that fully utilizes the Lucene suggester module; queries can now use multiple suggesters; Lucene's FreeTextSuggester and BlendedInfixSuggester are now supported.

New cursorMark request param for efficient deep paging of sorted result sets. See http://s.apache.org/cursorpagination

Add a Solr contrib that allows for building Solr indexes via Hadoop's MapReduce.

Upgrade to Spatial4j 0.4. Various new options are now exposed automatically for an RPT field type. See Spatial4j CHANGES & javadocs. https://github.com/spatial4j/spatial4j/blob/master/CHANGES.md

SSL support for SolrCloud.

Solr 4.7 also includes many other new features as well as numerous optimizations and bugfixes.
