[ANNOUNCE] Apache Accumulo 1.7.2 Released

2016-06-23 Thread Mike Drob
The Accumulo team is proud to announce the release of Accumulo version 1.7.2! This release contains over 30 bugfixes and improvements over 1.7.1, and is backwards-compatible with 1.7.0 and 1.7.1. Existing users of 1.7.1 are encouraged to upgrade immediately. This version is now available in

[ANNOUNCE] Apache Solr 8.5.2 released

2020-05-27 Thread Mike Drob
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 26 May 2020, Apache Solr™ 8.5.2 available The Lucene PMC is pleased to announce the release of Apache Solr 8.5.2 Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include

[ANNOUNCE] Apache Lucene 8.5.2 released

2020-05-27 Thread Mike Drob
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 26 May 2020, Apache Lucene™ 8.5.2 available The Lucene PMC is pleased to announce the release of Apache Lucene 8.5.2. Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology

CVE-2021-27905: Apache Solr: SSRF vulnerability with the Replication handler

2021-04-12 Thread Mike Drob
Description: The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF

[ANNOUNCE] Apache Solr 8.8.2 released

2021-04-12 Thread Mike Drob
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The Solr PMC is pleased to announce the release of Apache Solr 8.8.2 Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting,

CVE-2021-29943: Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections

2021-04-12 Thread Mike Drob
Description: When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving

CVE-2021-29262: Apache Solr: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings

2021-04-12 Thread Mike Drob
allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. This issue is being tracked as SOLR-15249 Mitigation: Manually set appropriate ACLs on /security.json znode. Credit: Timothy Potter and Mike Drob

[ANNOUNCE] Apache Solr 8.11.2 released

2022-06-21 Thread Mike Drob
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The Lucene and Solr PMCs are pleased to announce the release of Apache Solr 8.11.2. Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit