Severity: Low

Versions Affected:
8.1.1 and 8.2.0 for Linux

It has been discovered [1] that the 8.1.1 and 8.2.0 releases contain a bad
value for the ENABLE_REMOTE_JMX_OPTS setting in the default file
shipped with Solr.

Windows users and users with custom files are not affected.

If you are using the default file from the affected releases, then
JMX monitoring will be enabled and exposed on JMX_PORT (default = 18983),
without any authentication. So if your firewall allows inbound traffic on
JMX_PORT, then anyone with network access to your Solr nodes will be able to
access monitoring data exposed over JMX.

Edit the file, set ENABLE_REMOTE_JMX_OPTS=false and restart Solr.
Alternatively, wait for the future 8.3.0 release and upgrade.
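
An added example, not part of the original advisory or of Solr: a POSIX shell audit of the setting described above, plus a helper that applies the advisory's "false" value. The function names are hypothetical, the file path is supplied by the caller, and the script assumes plain VAR=value lines where the last uncommented assignment wins and only the literal value "true" enables remote JMX.

```shell
#!/bin/sh
# Added example (not Solr's own code). Assumptions: the settings file uses plain
# VAR=value lines, the last uncommented assignment wins, and only the literal
# value "true" enables remote JMX. The file path is supplied by the caller.

# Print the effective value of VAR in FILE with quotes and comments stripped.
effective_value() {
    var=$1; file=$2
    sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}${var}=//p" "$file" |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if remote JMX is enabled in FILE, 1 if it is not, 2 if unreadable.
audit_solr_jmx() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    enabled=$(effective_value ENABLE_REMOTE_JMX_OPTS "$file")
    if [ "$enabled" = "true" ]; then
        # 18983 is the default JMX_PORT stated in the advisory.
        echo "EXPOSED: $file enables unauthenticated remote JMX (default port 18983)"
        return 0
    fi
    echo "OK: $file has ENABLE_REMOTE_JMX_OPTS=${enabled:-unset}"
    return 1
}

# Apply the advisory's fix: force every live assignment to "false", keeping a
# backup in FILE.bak. Solr must still be restarted for the change to apply.
disable_solr_jmx() {
    file=$1
    cp -p "$file" "$file.bak" || return 2
    sed "s/^\([[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}ENABLE_REMOTE_JMX_OPTS=\).*/\1\"false\"/" \
        "$file.bak" > "$file"
}
```

Source the script and call audit_solr_jmx with the path of the settings file on each node. An environment variable set outside the file is not seen by this check.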

