[ANNOUNCE] Apache Accumulo 1.7.2 Released

The Accumulo team is proud to announce the release of Accumulo version 1.7.2! This release contains over 30 bugfixes and improvements over 1.7.1, and is backwards-compatible with 1.7.0 and 1.7.1. Existing users of 1.7.1 are encouraged to upgrade immediately. This version is now available in Maven

[ANNOUNCE] Apache Lucene 8.5.2 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 26 May 2020, Apache Lucene™ 8.5.2 available The Lucene PMC is pleased to announce the release of Apache Lucene 8.5.2. Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitabl

[ANNOUNCE] Apache Solr 8.5.2 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 26 May 2020, Apache Solr™ 8.5.2 available The Lucene PMC is pleased to announce the release of Apache Solr 8.5.2 Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerfu

[ANNOUNCE] Apache Solr 8.8.2 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The Solr PMC is pleased to announce the release of Apache Solr 8.8.2 Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, facete

CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections

Description: When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving h

CVE-2021-29262: Apache Solr: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings

allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. This issue is being tracked as SOLR-15249 Mitigation: Manually set appropriate ACLs on /security.json znode. Credit: Timothy Potter and Mike Drob

CVE-2021-27905: Apache Solr: SSRF vulnerability with the Replication handler

Description: The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability

[ANNOUNCE] Apache Curator 2.9.0 released

Hello, The Apache Curator team is pleased to announce the release of version 2.9.0. The Apache Curator Java libraries make using Apache ZooKeeper much easier and more reliable. Link to release notes:https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12332392&projectId=12314425

[ANNOUNCE] Apache Solr 8.11.2 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The Lucene and Solr PMCs are pleased to announce the release of Apache Solr 8.11.2. Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit hig