[CVE-2020-13941] Apache Solr information disclosure vulnerability

2020-08-14 Thread David Smiley
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these

[ANNOUNCE] Apache Solr 8.6.1 released

2020-08-14 Thread Houston Putman
The Lucene PMC is pleased to announce the release of Apache Solr 8.6.1. Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database

[ANNOUNCE] Apache Lucene 8.6.1 released

2020-08-14 Thread Houston Putman
The Lucene PMC is pleased to announce the release of Apache Lucene 8.6.1. Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. This

Re: When zero offsets are not bad - a.k.a. multi-token synonyms yet again

2020-08-14 Thread Roman Chyla
Hi Mike, Thanks for the question! And sorry for the delay, I haven't managed to get to it yesterday. I have generated better output, marked with (*) where it currently fails the first time and also included one extra case to illustrate the PositionLength attribute. assertU(adoc("id", "603",

Re: One tlog remaining after commit after upgrade to 8.6.0?

2020-08-14 Thread Erick Erickson
Does it rotate? I.e. is there a new one after every commit? If you have steps to repro I can take a look. I’ve also been fooled by having ZK_HOST defined when I _think_ I’m running standalone that’s caused some head-scratching… Erick > On Aug 14, 2020, at 4:41 AM, Dawid Weiss wrote: > >

Re: Welcome Munendra SN to the PMC

2020-08-14 Thread Christine Poerschke (BLOOMBERG/ LONDON)
Welcome Munendra! From: dev@lucene.apache.org At: 08/07/20 02:38:27 To: dev@lucene.apache.org Subject: Re: Welcome Munendra SN to the PMC Congrats Munendra! -Yonik On Sun, Aug 2, 2020 at 7:20 PM Ishan Chattopadhyaya wrote: I am pleased to announce that Munendra SN has accepted the PMC's

Re: Welcome Gus Heck to the PMC

2020-08-14 Thread Christine Poerschke (BLOOMBERG/ LONDON)
Welcome Gus! From: dev@lucene.apache.org At: 08/07/20 02:38:58 To: dev@lucene.apache.org Subject: Re: Welcome Gus Heck to the PMC Congrats Gus! -Yonik On Sun, Aug 2, 2020 at 7:21 PM Ishan Chattopadhyaya wrote: I am pleased to announce that Gus Heck has accepted the PMC's invitation to

Re: Welcome Namgyu Kim to the PMC

2020-08-14 Thread Christine Poerschke (BLOOMBERG/ LONDON)
Welcome Namgyu! From: dev@lucene.apache.org At: 08/07/20 02:39:56 To: dev@lucene.apache.org Subject: Re: Welcome Namgyu Kim to the PMC Congrats Namgyu! -Yonik On Sun, Aug 2, 2020 at 7:19 PM Ishan Chattopadhyaya wrote: I am pleased to announce that Namgyu Kim has accepted the PMC's

Re: Survey on ManagedResources feature

2020-08-14 Thread Jan Høydahl
I imagine that some users have built custom UIs to manage stopwords or synonyms over REST instead of having to copy files to Solr or Zookeeper. Question is whether to try to improve the security of the APIs, or disable them by default and document the limitations related to using them, which could

Re: Survey on ManagedResources feature

2020-08-14 Thread Matthias Krueger
As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct? Anyway, I came across Managed Resources in at least two

One tlog remaining after commit after upgrade to 8.6.0?

2020-08-14 Thread Dawid Weiss
Hmm... I've upgraded a Solr instance (not a cloud one) from 7.x to 8.6.0 and the same code always produces one remaining unflushable tlog file (external hard commit passes but tlog remains open and unflushed). Is there anything that's changed and that I'm missing? Dawid