I can reproduce :(

I suspect this is something I broke recently.  As a part of SOLR-18054
I added some path-normalization to fix an issue reported to our
security@ list (and that eventually resulted in CVE-2026-22022), and
the Admin UI 401 bug disappears if I go back before that change of
mine.

The AI-suggested fix looks correct to me given my understanding of the
original issue; I'll open a PR for it shortly.

Sorry all!


On Thu, Feb 5, 2026 at 10:39 AM Anshum Gupta <[email protected]> wrote:
>
> Thanks for letting me know, Eric. I haven’t tested this but this doesn’t
> make much sense but I’ll hold off on announcing the result until after more
> of us have tested this in a few hours.
>
> Anshum Gupta
>
>
> On Thu, Feb 5, 2026 at 05:22 Eric Pugh <[email protected]> wrote:
>
> > I think we might have a blocker!   On ApacheSolr slack we got a bug report
> > about not being able to log in with Basic Auth.   Rahul looked into a bit.
> >
> > To reproduce on branch_10_0  (and I think on main)
> >
> > bin/solr start
> > bin/solr auth enable --type basicAuth --credentials name:password
> >
> > Then go to localhost:8983/solr and you will see a 401 error.  The cycle
> > for logging in never happens.
> >
> > With the help of Claude, this patch fixes it:
> >
> > diff --git a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
> > b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
> > index 1350decd702..a5ef763972d 100644
> > --- a/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
> > +++ b/solr/core/src/java/org/apache/solr/servlet/HttpSolrCall.java
> > @@ -605,8 +605,10 @@ public class HttpSolrCall {
> >    private boolean shouldAuthorize() {
> >      if (PublicKeyHandler.PATH.equals(path)) return false;
> >      // admin/info/key is the path where public key is exposed . it is
> > always unsecured
> > -    if ("/".equals(path) || "/solr/".equals(path))
> > +    // Empty path also needs to bypass (happens when accessing /solr/)
> > +    if ("/".equals(path) || "/solr/".equals(path) || path.isEmpty()) {
> >        return false; // Static Admin UI files must always be served
> > +    }
> >      if (cores.getPkiAuthenticationSecurityBuilder() != null &&
> > req.getUserPrincipal() != null) {
> >        boolean b =
> > cores.getPkiAuthenticationSecurityBuilder().needsAuthorization(req);
> >        log.debug("PkiAuthenticationPlugin says authorization required : {}
> > ", b);
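Review bot: The added path.isEmpty() term in the shouldAuthorize() condition dereferences path, whereas the neighbouring checks ("/".equals(path), "/solr/".equals(path), and PublicKeyHandler.PATH.equals(path) above) are written constant-first and tolerate a null path; "".equals(path) would keep that property. Because this branch returns false and skips authorization, the new comment should also state where the empty path originates rather than only "happens when accessing /solr/", and the change should come with a test showing that an unauthenticated request for the Admin UI root is served while non-empty paths still reach the authorization checks below.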
> >
> > I don't know what changed to need the path.isEmpty however...   The person
> > who first found the bug is going to try and test the patch.
> >
> > Eric
> >
> > On 2026/02/04 18:41:01 Rahul Goswami wrote:
> > > I was conflicted between a 0 and a +1. So was refraining from voting again.
> > > I'd like to change my vote to +1 for reasons mentioned earlier.
> > >
> > > And thanks for your work with this release.
> > >
> > > Rahul
> > >
> > > On Wed, Feb 4, 2026 at 11:28 AM Anshum Gupta <[email protected]> wrote:
> > >
> > > > @Rahul - Do you plan to change the vote in that case? Or would you want to
> > > > stick with the -1?
> > > >
> > > > On Tue, Feb 3, 2026 at 10:12 AM Rahul Goswami <[email protected]> wrote:
> > > >
> > > > > Hey Anshum, sorry I missed the previous email. Thanks for the reminder.
> > > > >
> > > > > After fixing the build issues and smoke tester on Windows, and being able
> > > > > to run the tests on RC3, the only open application issue I could spot while
> > > > > kicking the tires is with running an example in standalone mode (i.e. it
> > > > > always launches example in solrcloud). This isn't a production blocker, and
> > > > > I verified that starting the server in standalone mode with usual
> > > > > parameters still works fine on Windows.
> > > > >
> > > > > Agreed this doesn't warrant another RC.
> > > > >
> > > > > Rahul
> > > > >
> > > > > On Tue, Feb 3, 2026 at 12:57 PM Anshum Gupta <[email protected]> wrote:
> > > > >
> > > > > > Rahul, checking in again in case you missed the previous email.
> > > > > >
> > > > > >
> > > > > > On Mon, Feb 2, 2026 at 12:21 AM Houston Putman <[email protected]> wrote:
> > > > > >
> > > > > >
> > > > > > > SUCCESS! [1:39:05.919541]
> > > > > > >
> > > > > > > +1 (binding)
> > > > > > >
> > > > > > > - Houston
> > > > > > >
> > > > > > > On Sun, Feb 1, 2026 at 10:08 PM Anshum Gupta <[email protected]> wrote:
> > > > > > >
> > > > > > > > Hi Rahul,
> > > > > > > >
> > > > > > > > Thanks for all of your effort in addressing the issues related to
> > > > > > > > running/testing Solr on Windows.
> > > > > > > >
> > > > > > > > It doesn’t seem like the current issues call for a new RC to be built and
> > > > > > > > voted on. They still need to be fixed (in the next release) but the current
> > > > > > > > RC shouldn’t cause actual issues.
> > > > > > > >
> > > > > > > > What are your thoughts?
> > > > > > > >
> > > > > > > > Anshum Gupta
> > > > > > > >
> > > > > > > >
> > > > > > > > On Mon, Jan 26, 2026 at 8:33 AM Rahul Goswami <[email protected]> wrote:
> > > > > > > >
> > > > > > > > > UPDATE: I was finally able to fix the smokeTester on Windows (PR incoming).
> > > > > > > > > The tests for RC3 run fine on Windows (minus couple of flakey tests), which
> > > > > > > > > is what I mainly wanted to ensure.
> > > > > > > > >
> > > > > > > > > Among the basic sanity checks I did manually, inability to run an example
> > > > > > > > > in user-managed mode is the only open issue I could find (fixed on main and
> > > > > > > > > branch_10x).
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Mon, Jan 26, 2026 at 3:39 AM Arrieta, Alejandro <[email protected]> wrote:
> > > > > > > > >
> > > > > > > > > > amd64 on Ubuntu 24.04 LTS
> > > > > > > > > > temurin Temurin-21.0.10+7 SUCCESS! [0:57:43.107730]
> > > > > > > > > > azul Zulu21.48+15-CA SUCCESS! [0:57:21.412434]
> > > > > > > > > > oracle 2025-10-21 LTS SUCCESS! [0:56:43.795738]
> > > > > > > > > > ubuntu openjdk build 21.0.9+10-Ubuntu-124.04 SUCCESS! [0:56:35.598028]
> > > > > > > > > > microsoft jdk Microsoft-12574458 SUCCESS! [0:55:39.946492]
> > > > > > > > > > graalvm GraalVM CE 21.0.9+10.1 SUCCESS! [0:56:42.202942]
> > > > > > > > > >
> > > > > > > > > > aarch64 on Raspberry Pi 5 Ubuntu 24.04 LTS
> > > > > > > > > > ubuntu openjdk build 21.0.9+10-Ubuntu-124.04 SUCCESS! [2:44:01.665537]
> > > > > > > > > >
> > > > > > > > > > +1 non binding
> > > > > > > > > >
> > > > > > > > > > On Fri, Jan 23, 2026 at 11:19 PM Andrey Ukhanov (BLOOMBERG/ 919 3RD A) <[email protected]> wrote:
> > > > > > > > > >
> > > > > > > > > > > +1 (non-binding)
> > > > > > > > > > >
> > > > > > > > > > > SUCCESS! [0:50:10.558971]
> > > > > > > > > > >
> > > > > > > > > > > From: [email protected] At: 01/21/26 17:17:35 UTC-5:00
> > > > > > > > > > > To: [email protected]
> > > > > > > > > > > Subject: [VOTE] Release Solr 10.0.0 RC3
> > > > > > > > > > >
> > > > > > > > > > > Hi everyone,
> > > > > > > > > > >
> > > > > > > > > > > Thank you for your patience with the multiple release candidates for
> > > > > > > > > > > releasing Solr 10.
> > > > > > > > > > >
> > > > > > > > > > > Please vote for *Release Candidate 3* for Solr 10.0.0
> > > > > > > > > > >
> > > > > > > > > > > If you already voted for RC2, please note that there are *no code changes
> > > > > > > > > > > in this RC as compared to the previous one* and it'd be great if you could
> > > > > > > > > > > cast your vote for this one as well.
> > > > > > > > > > >
> > > > > > > > > > > *An important note for non-committers:* Your vote counts! Please test and
> > > > > > > > > > > vote for this RC and help us in releasing a candidate that's tested by
> > > > > > > > > > > multiple people, across multiple platforms, on a variety of machines and
> > > > > > > > > > > JVMs.
> > > > > > > > > > >
> > > > > > > > > > > Thank you for your vote and involvement in the Apache Solr project.
> > > > > > > > > > >
> > > > > > > > > > > The artifacts can be downloaded from:
> > > > > > > > > > >
> > > > > > > > > > > https://dist.apache.org/repos/dist/dev/solr/solr-10.0.0-RC3-rev-016965ccedaea5bb1261bd772bc4dadd528abbac
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > You can run the smoke tester directly with this command:
> > > > > > > > > > >
> > > > > > > > > > > python3 -u dev-tools/scripts/smokeTestRelease.py \
> > > > > > > > > > >   https://dist.apache.org/repos/dist/dev/solr/solr-10.0.0-RC3-rev-016965ccedaea5bb1261bd772bc4dadd528abbac
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > You can build a release-candidate of the official docker images (full &
> > > > > > > > > > > slim) using the following command:
> > > > > > > > > > >
> > > > > > > > > > > SOLR_DOWNLOAD_SERVER=https://dist.apache.org/repos/dist/dev/solr/solr-10.0.0-RC3-rev-016965ccedaea5bb1261bd772bc4dadd528abbac/solr && \
> > > > > > > > > > >   docker build $SOLR_DOWNLOAD_SERVER/10.0.0/docker/Dockerfile.official-full \
> > > > > > > > > > >     --build-arg SOLR_DOWNLOAD_SERVER=$SOLR_DOWNLOAD_SERVER \
> > > > > > > > > > >     -t solr-rc:10.0.0-3 && \
> > > > > > > > > > >   docker build $SOLR_DOWNLOAD_SERVER/10.0.0/docker/Dockerfile.official-slim \
> > > > > > > > > > >     --build-arg SOLR_DOWNLOAD_SERVER=$SOLR_DOWNLOAD_SERVER \
> > > > > > > > > > >     -t solr-rc:10.0.0-3-slim
> > > > > > > > > > >
> > > > > > > > > > > The *vote will be open for at least 5 days i.e. until 2026-01-26 23:00 UTC.*
> > > > > > > > > > > [ ] +1  approve
> > > > > > > > > > > [ ] +0  no opinion
> > > > > > > > > > > [ ] -1  disapprove (and reason why)
> > > > > > > > > > >
> > > > > > > > > > > Here is my +1.
> > > > > > > > > > > SUCCESS! [0:48:11.146422]
> > > > > > > > > > >
> > > > --
> > > > Anshum Gupta
> > > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
