Re: SOLR cores are getting locked

2017-10-15 Thread Gunalan V
Thanks Erick, I'm using the one VM where all SOLRCloud and Zookeeper nodes are running. I have two solr nodes in solrcloud. Just wanted to check do I need to create different solr home directory using -s param for each SOLR nodes ? If yes kindly share me some documentation to configure separate

Re: zero-day exploit security issue

2017-10-15 Thread Shalin Shekhar Mangar
Yes, there is but it is private i.e. only the Apache Lucene PMC members can see it. This is standard for all security issues in Apache land. The fixes for this issue has been applied to the release branches and the Solr 7.1.0 release candidate is already up for vote. Barring any unforeseen circumst

RE: HOW DO I UNSUBSCRIBE FROM GROUP?

2017-10-15 Thread info
Hi, Just wondering how do I 'unsubscribe' from the emails I'm receiving from the group? I'm getting way more emails than I need right now and would like them to 'stop'... But there is NO UNSUBSCRIBE link in any of the emails. Thanks, Rita -Original Message- From: Reth RM [mailto:reth.

Efficient query to obtain DF

2017-10-15 Thread Reth RM
Dear Solr-User Group, Can you please suggest efficient query for retrieving term to document frequency(df) of that term at shard index level? I know we can get term to df mapping by applying termVectors component

Re: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)

2017-10-15 Thread Rick Leir
Thanks Florian, Jan! The unix way (starting 40 years ago) was small programs, working together via pipes and now services. Maybe Solr should not run executables, leave that task to ssh. The security conscious folks would probably 'prefer' that we take that feature out of Solr. Cheers -- Rick On

Re: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)

2017-10-15 Thread Jan Høydahl
I think Config API came in 5.0 through https://issues.apache.org/jira/browse/SOLR-6533 -- Jan Høydahl, search solution architect Cominvent AS - www.cominvent.com > 15. okt. 2017 kl. 15:29 skrev Florian Gleixner : > > On 13.10.2017 15:13, Rick L

Re: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)

2017-10-15 Thread Florian Gleixner
On 13.10.2017 15:13, Rick Leir wrote: > Hi all, > What is the earliest version which was vulnerable? > Thanks -- Rick > As far as i can understand, to exploit both vulnerabilities, you need Solr 5.1 or above (xml query parser), but the RunExecutableListener was also present in Solr 3.X. But i don