Re: Query on CVE-2021-45046

[Ing. Andrea Vettori]

Hello, yesterday I replaced the jars from 2.13.2 to 2.16 and so far no issues.

— 
Ing. Andrea Vettori
Responsabile Sistemi Informativi
B2BIres s.r.l.

> On 15 Dec 2021, at 18:58, Alessandro Benedetti  wrote:
> 
> I would also encourage you to do the upgrade first on QA/Staging rather
> than directly on production, where possible.
> This could prevent nasty binary incompatibilities where the Solr build
> expects certain methods from the compiled log4j library, that mismatch with
> the upgraded jar.
> And a crashed offline production environment is definitely not better than
> a potentially vulnerable one :)
> 
> Cheers
> --
> Alessandro Benedetti
> Apache Lucene/Solr Committer
> Director, R&D Software Engineer, Search Consultant
> 
> www.sease.io
> 
> 
> On Wed, 15 Dec 2021 at 16:54, Shawn Heisey  wrote:
> 
>> On 12/15/21 9:41 AM, Ing. Andrea Vettori wrote:
>>> Hello, is it safe to simply replace the jars in the solr lib/ext folder
>> with version 2.16 or are they hardcoded in scripts or meta-inf files ?
>> 
>> 
>> This appears to work correctly if the original version of log4j included
>> was 2.14.1.  I have done this and had no problems.  I replaced it with
>> 2.15.0 as 2.16.0 had not yet come out when I did that testing.
>> 
>> But I have not tried it with Solr versions shipping with any log4j
>> version other than 2.14.1, or with a 2.16.0 replacement. I have no idea
>> whether that would work.  If the log4j team have done a good job of
>> keeping the API stable, I think it would work, but I do not have any
>> knowledge about that.  You would be better off asking the log4j project
>> about API compatibility between versions.
>> 
>> Thanks,
>> Shawn
>> 
>> 

Apache Log4J CVE-2021-44228

[Ramila Herath]

Hi;

In your security statement (https://solr.apache.org/security.html) it says the 
following

Upgrade to Solr 8.11.1 or greater (when available), which will include an 
updated version (>= 2.16.0) of the Log4J dependency

However I am unable to find a download link to 8.11.1. Latest I see it 8.11.0. 
please confirm where to download 8.11.1 from

ARG SOLR_VERSION="8.11.0"

SOLR_CLOSER_URL=http://www.apache.org/dyn/closer.lua?filename=lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz&action=download
 \
SOLR_DIST_URL=https://www.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz
 \
SOLR_ARCHIVE_URL=https://archive.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz
 \

Thanx in advance

Regards,

Ramila Herath (he/him)
Senior Software Architect | Experience Framework

[cid:image001.png@01D7F28A.84320C00]
+94 11 236 44 00
18th Floor, Orion Towers,
736, Dr. Danister De Silva Mawatha, Colombo 00900, SRI LANKA

[cid:image002.png@01D7F28A.84320C00]  
[cid:image003.png@01D7F28A.84320C00]    [A close up 
of a sign  Description automatically generated]    
[cid:image005.png@01D7F28A.84320C00] 

[A picture containing graphical user interface  Description automatically 
generated]
 [A picture containing shape  Description automatically generated] 

IFS World Operations AB is a private liability company registered in Sweden.
Corporate identity number: 556040-6042.
Registered office: Teknikringen 5, Box 1545, SE-581 15 Linköping.


Confidentiality notice and disclaimer
This e-mail is private and may contain confidential information. You must not 
use, disclose, or retain any of its content if you have received it in error: 
please notify its sender and then delete it. Any views or opinions expressed in 
this e-mail are strictly those of its author. We do not accept liability for 
the consequences of any data corruption, interception, tampering, or virus.

[ANNOUNCE] Apache Solr 8.11.1 released

[Jan Høydahl]

The Lucene and Solr PMCs are pleased to announce the release of Apache Solr 
8.11.1.

Solr is the popular, blazing fast, open source NoSQL search platform from the 
Apache Solr project. Its major features include powerful full-text search, hit 
highlighting, faceted search, dynamic clustering, database integration, rich 
document handling, and geospatial search. Solr is highly scalable, providing 
fault tolerant distributed search and indexing, and powers the search and 
navigation features of many of the world's largest internet sites.

Solr 8.11.1 is available for immediate download at:

https://lucene.apache.org/solr/downloads.html

Solr 8.11.1 Release Highlights:

Security

- Updates bundled log4j2 dependencies to address CVE-2021-44228 (SOLR-15843)
- Upgrade jaegertracing to 1.6.0 and libthrift to 0.14.1 to address 
CVE-2020-13949 (SOLR-15324)

Bugfixes

- Fixes to the new Admin UI Security and Schema Designer screens (SOLR-15825, 
SOLR-15774 and SOLR-15813)
- Fix regression in 8.11.0 for the Admin UI Files screen and Velocity 
(SOLR-15804)
- Admin endpoints for Zookeeper now by default protected by zk_read permission 
(SOLR-15768)
- Better default security.json uploaded by bin/solr tool (SOLR-15828)
- Switching a PRS collection from true -> false -> true resulted in INACTIVE 
replicas (SOLR-15794)
- Fix REPLACENODE to not use source node when choosing a target node 
(SOLR-15795)
- Fix NPE in pivot facets, add non-Analyzed query method in FieldType 
(SOLR-8319)
- Upgrade Velocity from to v2.3 and Velocity Tools to v3.1 (SOLR-15844)
- ..and more

Please refer to the Upgrade Notes in the Solr Ref Guide for information on 
upgrading from previous Solr versions:

https://solr.apache.org/guide/8_11/solr-upgrade-notes.html

Please read CHANGES.txt for a full list of bugfixes:

https://solr.apache.org/docs/8_11_1/changes/Changes.html

Re: When will solr 8.11.1 become available?

[Ishan Chattopadhyaya]

It is available now.

On Tue, Dec 14, 2021 at 7:36 AM Shawn Heisey  wrote:

> On 12/13/2021 4:12 PM, Andy Lester wrote:
> >> It is impossible to give you an accurate prediction for the release
> date of Solr 8.11.1.
> >
> > It sounds like it’s safe to say that the release will be “on the order
> of at least a week from now” would be safe, right?
> >
> > That might be all the accuracy that someone needs.
>
> If everything goes well and no problems are discovered with the first
> release candidate, that would likely be about when the release is
> announced.
>
> Thanks,
> Shawn
>

Re: When will solr 8.11.1 become available?

[Carlos Cueto]

Any idea when it will be available on Docker Hub? 8.11.1 tag is still not
added.

On Thu, Dec 16, 2021 at 9:25 AM Ishan Chattopadhyaya <
ichattopadhy...@gmail.com> wrote:

> It is available now.
>
> On Tue, Dec 14, 2021 at 7:36 AM Shawn Heisey  wrote:
>
> > On 12/13/2021 4:12 PM, Andy Lester wrote:
> > >> It is impossible to give you an accurate prediction for the release
> > date of Solr 8.11.1.
> > >
> > > It sounds like it’s safe to say that the release will be “on the order
> > of at least a week from now” would be safe, right?
> > >
> > > That might be all the accuracy that someone needs.
> >
> > If everything goes well and no problems are discovered with the first
> > release candidate, that would likely be about when the release is
> > announced.
> >
> > Thanks,
> > Shawn
> >
>

Log4j remediation in the Docker image

[Andy Lester]

> On Dec 16, 2021, at 8:26 AM, Carlos Cueto  wrote:
> 
> Any idea when it will be available on Docker Hub? 8.11.1 tag is still not
> added.


I don’t know, but yesterday I went and changed my build process for our Docker 
image of Solr to delete the JNDI classes from the jar files as a stopgap until 
a proper 8.11.1 came out. See 
https://logging.apache.org/log4j/2.x/security.html for details.

This is how I did it.

To be able to delete the class files, one must use zip, so I had to install 
that in the container. To install zip in the container, I had to make a fake 
UserAgent file for apt-get to not get refused by the mirrors.

Here is my Dockerfile:

FROM solr:8.11.0

# https://hub.docker.com/_/solr/
# https://github.com/docker-solr/docker-solr#extending-the-image
# https://solr.apache.org/docs/8_11_0/changes/Changes.html

# The SOLR_ vars override defaults.  See /etc/default/solr.in.sh in the 
container for more.

ENV \
TZ=America/Chicago \
SOLR_TIMEZONE=America/Chicago \
SOLR_HEAP=20g


USER root
RUN \
echo 'Installing additional packages' \
&& echo 'Create new agent to get around apt-get bugs per 
https://lists.debian.org/debian-user/2019/10/msg00629.html' \
&& echo 'Acquire' > /etc/apt/apt.conf.d/99useragent \
&& echo '{' >> /etc/apt/apt.conf.d/99useragent \
&& echo '  http::User-Agent "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) 
Gecko/20100101 Firefox/60.0";' >> /etc/apt/apt.conf.d/99useragent \
&& echo '};' >> /etc/apt/apt.conf.d/99useragent \
&& echo 'Done populating user agent' \
&& echo 'Installing zip' \
&& apt-get update \
&& apt-get install -y zip \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean all \
&& echo 'Done installing additional packages' \
&& echo 'Delete JNDI from the log4j files in both Solr and the exporter' \
&& zip -q -d 
/opt/solr-8.11.0/contrib/prometheus-exporter/lib/log4j-core-2.14.1.jar 
org/apache/logging/log4j/core/lookup/JndiLookup.class \
&& zip -q -d /opt/solr-8.11.0/server/lib/ext/log4j-core-2.14.1.jar 
org/apache/logging/log4j/core/lookup/JndiLookup.class \
&& echo 'Deleted JNDI from jars'
USER solr

I hope this helps someone.

Andy

How do I determine which hardware device and software has log4j zero-day security vulnerability?

[Turritopsis Dohrnii Teo En Ming]

Subject: How do I determine which hardware device and software has
log4j zero-day security vulnerability?

Good day from Singapore,

I am working for a Systems Integrator (SI) in Singapore. We have
several clients writing in, requesting us to identify log4j zero-day
security vulnerability in their corporate infrastructure.

It seems to be pretty difficult to determine which hardware device and
which software has the vulnerability. There seems to be no lists of
hardware devices and software affected by the flaw any where on the
internet.

Could you refer me to definitive documentation/guides on how to
identify log4j security flaw in hardware devices and software?

Thank you very much for your kind assistance.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021,
is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant
with a Systems Integrator (SI)/computer firm in Singapore. He is an IT
enthusiast.





-BEGIN EMAIL SIGNATURE-

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html



Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's
Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts
at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan
(5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-END EMAIL SIGNATURE-

Re: Read-only user in solr not working as expected

[Timothy Potter]

Try adding the "all" permission with the "admin" role assigned (in the
last position in the permission list). Having all explicitly defined
(and last) will cover all other permissions that aren't explicitly
defined in your config.

On Wed, Dec 15, 2021 at 2:05 AM Martin Schober  wrote:
>
> Dear solr community,
>
> I would like to create two users in solr: An admin and a dev.
> The dev should not be able to edit the solr metadata. This user should
> not be able to use solr.add or solr delete, I would like him only to be
> able to use solr.search for our metadata solr-core (in python pysolr).
>
> However, the user can always use solr.add and solr.delete, no matter
> what permissions I set for him. Here is my security.json:
>
>  {
>"authentication":{
>  "blockUnknown":true,
>  "class":"solr.BasicAuthPlugin",
>  "credentials":{
>"my_admin":"",
>"my_dev":""},
>  "forwardCredentials":false,
>  "":{"v":0}},
>"authorization":{
>  "class":"solr.RuleBasedAuthorizationPlugin",
>  "user-role":{
>"my_admin":["admin"],
>"my_dev":["dev"]},
>  "permissions":[
>{
>  "name":"security-edit",
>  "role":["admin"],
>  "index":1},
>{
>  "name":"read",
>  "role":["dev"],
>  "index":2}],
>  "":{"v":0}}
>}
>
> I also tried `zk-read`, `metics-read`, `security-read`,
> `collection-admin-read` instead of `read`, always with the same result.
> The user my_dev can always use solr.add and solr.delete.
>
> Greetings
> Martin
>
> --
> Martin Schober
>
> Arbeitsgruppe: Faserbahnarchitektur (FA)
> Institut für Neurowissenschaften und Medizin
> Strukturelle und funktionelle Organisation des Gehirns (INM-1)
>
> Telefon: +49 2461 61-9148
> E-Mail: m.scho...@fz-juelich.de
> Geb. 15.9, Raum 4017
> Homepage: 
> http://www.fz-juelich.de/SharedDocs/Personen/INM/INM-1/DE/Schober_Martin.html
>
> -
> -
> Forschungszentrum Juelich GmbH
> 52425 Juelich
> Sitz der Gesellschaft: Juelich
> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
> Vorsitzender des Aufsichtsrats: MinDir Volker Rieke
> Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
> Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Astrid Lambrecht,
> Prof. Dr. Frauke Melchior
> -
> -
>

null pointer exception for solr package management v8.11.0

[andrew goh]

hi all,

I'm a newbie to solr, need some help.

While i'm trying to use solr 8.11.0. after starting solr with
bin/solr -Denable.packages=true

All the commands with package management

bin/solr package cmd

ends with a null pointer exception.

Is there any way to resolve this?

Thanks in advance,
  Andrew

~/java/solr-8.11.0> bin/solr -Denable.packages=true
*** [WARN] *** Your open file limit is currently 1024.
 It should be set to 65000 to avoid operational disruption.
 If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to 
false in your profile or solr.in.sh

Waiting up to 180 seconds to see Solr running on port 8983 [\]
Started Solr server on port 8983 (pid=20869). Happy searching!

~/java/solr-8.11.0> bin/solr package list-installed
org.apache.solr.common.SolrException: java.lang.NullPointerException
    at 
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:182)
    at 
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:119)
    at 
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:114)
    at 
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:101)
    at 
org.apache.solr.packagemanager.PackageManager.(PackageManager.java:85)

    at org.apache.solr.util.PackageTool.runImpl(PackageTool.java:85)
    at org.apache.solr.util.SolrCLI$ToolBase.runTool(SolrCLI.java:196)
    at org.apache.solr.util.SolrCLI.main(SolrCLI.java:304)
Caused by: java.lang.NullPointerException
    at 
org.apache.zookeeper.client.ConnectStringParser.(ConnectStringParser.java:54)
    at 
org.apache.zookeeper.ZooKeeper.createDefaultHostProvider(ZooKeeper.java:1515)

    at org.apache.zookeeper.ZooKeeper.(ZooKeeper.java:1108)
    at org.apache.zookeeper.ZooKeeper.(ZooKeeper.java:818)
    at 
org.apache.solr.common.cloud.SolrZooKeeper.(SolrZooKeeper.java:44)
    at 
org.apache.solr.common.cloud.ZkClientConnectionStrategy.createSolrZooKeeper(ZkClientConnectionStrategy.java:109)
    at 
org.apache.solr.common.cloud.DefaultConnectionStrategy.connect(DefaultConnectionStrategy.java:37)
    at 
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:160)

    ... 7 more

ERROR: java.lang.NullPointerException

Re: null pointer exception for solr package management v8.11.0

[Timothy Potter]

Does passing the -zkHost  option to the package command help?

On Thu, Dec 16, 2021 at 10:52 AM andrew goh  wrote:
>
> hi all,
>
> I'm a newbie to solr, need some help.
>
> While i'm trying to use solr 8.11.0. after starting solr with
> bin/solr -Denable.packages=true
>
> All the commands with package management
>
> bin/solr package cmd
>
> ends with a null pointer exception.
>
> Is there any way to resolve this?
>
> Thanks in advance,
>Andrew
>
> ~/java/solr-8.11.0> bin/solr -Denable.packages=true
> *** [WARN] *** Your open file limit is currently 1024.
>   It should be set to 65000 to avoid operational disruption.
>   If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to
> false in your profile or solr.in.sh
> Waiting up to 180 seconds to see Solr running on port 8983 [\]
> Started Solr server on port 8983 (pid=20869). Happy searching!
>
> ~/java/solr-8.11.0> bin/solr package list-installed
> org.apache.solr.common.SolrException: java.lang.NullPointerException
>  at
> org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:182)
>  at
> org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:119)
>  at
> org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:114)
>  at
> org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:101)
>  at
> org.apache.solr.packagemanager.PackageManager.(PackageManager.java:85)
>  at org.apache.solr.util.PackageTool.runImpl(PackageTool.java:85)
>  at org.apache.solr.util.SolrCLI$ToolBase.runTool(SolrCLI.java:196)
>  at org.apache.solr.util.SolrCLI.main(SolrCLI.java:304)
> Caused by: java.lang.NullPointerException
>  at
> org.apache.zookeeper.client.ConnectStringParser.(ConnectStringParser.java:54)
>  at
> org.apache.zookeeper.ZooKeeper.createDefaultHostProvider(ZooKeeper.java:1515)
>  at org.apache.zookeeper.ZooKeeper.(ZooKeeper.java:1108)
>  at org.apache.zookeeper.ZooKeeper.(ZooKeeper.java:818)
>  at
> org.apache.solr.common.cloud.SolrZooKeeper.(SolrZooKeeper.java:44)
>  at
> org.apache.solr.common.cloud.ZkClientConnectionStrategy.createSolrZooKeeper(ZkClientConnectionStrategy.java:109)
>  at
> org.apache.solr.common.cloud.DefaultConnectionStrategy.connect(DefaultConnectionStrategy.java:37)
>  at
> org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:160)
>  ... 7 more
>
> ERROR: java.lang.NullPointerException
>

SOLR Version 8.5.1- java.io.IOException: Request processing has stalled for X ms with N remaining elements in the queue.

[Nikhilesh Jannu]

Hi Team,

Looking for some guidance here.

One of our SOLR Cloud cluster has started showing lot of errors related to

java.io.IOException: Request processing has stalled for 20029ms with 100
remaining elements in the queue.

Based on our analysis as the requests are getting stalled we are seeing a
lot of slowness particularly for that SOLR collection in doing the index
updates.

We checked the leader instance showing the error for CPU , Memory and disk
utilization and all looks fine. In order to debug it further we would like
to know what parameter we can go look at to further understand any
optimizations we can do.  I have checked other discussions around the same
error statement.

Thank you in advance for any help.

Regards,
Nikhilesh Jannu

Re: null pointer exception for solr package management v8.11.0

[andrew goh]

hi Timothy,

Thanks for your response !
When I run solr package -h i got:

bin/solr package -h
Failed to parse command-line arguments due to: Unrecognized option: -h
usage: org.apache.solr.util.SolrCLI
 -c,--collection  The collection to apply the package to, not
  required.
 -cluster Specifies that this action should affect
  cluster-level plugins only.
 -collections    Specifies that this action should affect
  plugins for the given collections only,
  excluding cluster level plugins.
 -help    Print this message
 -p,--param   List of parameters to be used with deploy
  command.
 -solrUrl    Address of the Solr Web application,
  defaults to: http://localhost:8983/solr.
 -u,--update  If a deployment is an update over a previous
  deployment.
 -verbose Generate verbose log messages
 -y,--noprompt    Don't prompt for input; accept all default
  choices, defaults to false.

I think your hint on zkhost helps, apparently I'm not running in the 
'cloud' mode.
That is because I'm hitting some problems in that mode with my indexes. 
I'd try redoing my indexes and see if I can run it in cloud mode.


On 17/12/2021 04:04, Timothy Potter wrote:

Does passing the -zkHost  option to the package command help?

On Thu, Dec 16, 2021 at 10:52 AM andrew goh 
 wrote:

hi all,

I'm a newbie to solr, need some help.

While i'm trying to use solr 8.11.0. after starting solr with
bin/solr -Denable.packages=true

All the commands with package management

bin/solr package cmd

ends with a null pointer exception.

Is there any way to resolve this?

Thanks in advance,
Andrew

~/java/solr-8.11.0> bin/solr -Denable.packages=true
*** [WARN] *** Your open file limit is currently 1024.
It should be set to 65000 to avoid operational disruption.
If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to
false in your profile or solr.in.sh
Waiting up to 180 seconds to see Solr running on port 8983 [\]
Started Solr server on port 8983 (pid=20869). Happy searching!

~/java/solr-8.11.0> bin/solr package list-installed
org.apache.solr.common.SolrException: java.lang.NullPointerException
at
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:182)
at
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:119)
at
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:114)
at
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:101)
at
org.apache.solr.packagemanager.PackageManager.(PackageManager.java:85)
at org.apache.solr.util.PackageTool.runImpl(PackageTool.java:85)
at org.apache.solr.util.SolrCLI$ToolBase.runTool(SolrCLI.java:196)
at org.apache.solr.util.SolrCLI.main(SolrCLI.java:304)
Caused by: java.lang.NullPointerException
at
org.apache.zookeeper.client.ConnectStringParser.(ConnectStringParser.java:54)
at
org.apache.zookeeper.ZooKeeper.createDefaultHostProvider(ZooKeeper.java:1515)
at org.apache.zookeeper.ZooKeeper.(ZooKeeper.java:1108)
at org.apache.zookeeper.ZooKeeper.(ZooKeeper.java:818)
at
org.apache.solr.common.cloud.SolrZooKeeper.(SolrZooKeeper.java:44)
at
org.apache.solr.common.cloud.ZkClientConnectionStrategy.createSolrZooKeeper(ZkClientConnectionStrategy.java:109)
at
org.apache.solr.common.cloud.DefaultConnectionStrategy.connect(DefaultConnectionStrategy.java:37)
at
org.apache.solr.common.cloud.SolrZkClient.(SolrZkClient.java:160)
... 7 more

ERROR: java.lang.NullPointerException

Re: Apache Log4J CVE-2021-44228

[Shawn Heisey]

On 12/16/2021 2:09 AM, Ramila Herath wrote:
However I am unable to find a download link to 8.11.1. Latest I see it 
8.11.0. please confirm where to download 8.11.1 from


One of these URLs should work, depending on what OS you want to extract on:

https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.tgz?action=download
https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.zip?action=download

The download page for Solr has now been updated and has those links on 
it.  When I started writing this message, it hadn't yet been updated.


The release process we have had in place for many years is not fast. 
Hopefully we can implement a streamlined process for security fixes in 
the future.  I apologize for the delay in getting this release out.


Thanks,
Shawn

Re: SOLR Version 8.5.1- java.io.IOException: Request processing has stalled for X ms with N remaining elements in the queue.

[Shawn Heisey]

On 12/16/2021 1:22 PM, Nikhilesh Jannu wrote:

One of our SOLR Cloud cluster has started showing lot of errors related to

java.io.IOException: Request processing has stalled for 20029ms with 100
remaining elements in the queue.


The error message will have significantly more detail than that.  We 
would need to see ALL the lines in the error message to have any hope of 
figuring out where the problem is happening.


What is the max heap size for Solr?  Have you changed the GC tuning? 
Can you provide the solr GC logs from that server?  Note that you cannot 
attach those logs to email because the mailing list will eat them ... 
you will need to put them on a file-sharing website and provide a URL to 
download them.


Thanks,
Shawn

Re: When will solr 8.11.1 become available?

[David Smiley]

https://github.com/docker-solr/docker-solr/pull/401
I would guess perhaps in 12 hours from now maybe.

~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley


On Thu, Dec 16, 2021 at 9:26 AM Carlos Cueto  wrote:

> Any idea when it will be available on Docker Hub? 8.11.1 tag is still not
> added.
>
> On Thu, Dec 16, 2021 at 9:25 AM Ishan Chattopadhyaya <
> ichattopadhy...@gmail.com> wrote:
>
> > It is available now.
> >
> > On Tue, Dec 14, 2021 at 7:36 AM Shawn Heisey 
> wrote:
> >
> > > On 12/13/2021 4:12 PM, Andy Lester wrote:
> > > >> It is impossible to give you an accurate prediction for the release
> > > date of Solr 8.11.1.
> > > >
> > > > It sounds like it’s safe to say that the release will be “on the
> order
> > > of at least a week from now” would be safe, right?
> > > >
> > > > That might be all the accuracy that someone needs.
> > >
> > > If everything goes well and no problems are discovered with the first
> > > release candidate, that would likely be about when the release is
> > > announced.
> > >
> > > Thanks,
> > > Shawn
> > >
> >
>

Re: SOLR Version 8.5.1- java.io.IOException: Request processing has stalled for X ms with N remaining elements in the queue.

[Nikhilesh Jannu]

Hi Shawn,

Thanks for the response. Based on the questions you have provided I have
collected the following data.

a. This is the stack trace :

2021-12-16 18:05:11.834 ERROR (qtp1765690649-66565) [c:ss s:shard1
r:core_node24 x:ss_shard1_replica_n23] o.a.s.u.SolrCmdDistributor
java.io.IOException: Request processing has stalled for 20032ms with 100
remaining elements in the queue.
at
org.apache.solr.client.solrj.impl.ConcurrentUpdateHttp2SolrClient.request(ConcurrentUpdateHttp2SolrClient.java:448)
at
org.apache.solr.client.solrj.SolrClient.request(SolrClient.java:1290)
at
org.apache.solr.update.SolrCmdDistributor.doRequest(SolrCmdDistributor.java:344)
at
org.apache.solr.update.SolrCmdDistributor.submit(SolrCmdDistributor.java:337)
at
org.apache.solr.update.SolrCmdDistributor.distribAdd(SolrCmdDistributor.java:242)
at
org.apache.solr.update.processor.DistributedZkUpdateProcessor.doDistribAdd(DistributedZkUpdateProcessor.java:300)
at
org.apache.solr.update.processor.DistributedUpdateProcessor.processAdd(DistributedUpdateProcessor.java:233)
at
org.apache.solr.update.processor.DistributedZkUpdateProcessor.processAdd(DistributedZkUpdateProcessor.java:245)
at
org.apache.solr.update.processor.LogUpdateProcessorFactory$LogUpdateProcessor.processAdd(LogUpdateProcessorFactory.java:103)
at
org.apache.solr.handler.loader.JavabinLoader$1.update(JavabinLoader.java:110)
at
org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec$StreamingCodec.readOuterMostDocIterator(JavaBinUpdateRequestCodec.java:332)
at
org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec$StreamingCodec.readIterator(JavaBinUpdateRequestCodec.java:281)
at
org.apache.solr.common.util.JavaBinCodec.readObject(JavaBinCodec.java:338)
at
org.apache.solr.common.util.JavaBinCodec.readVal(JavaBinCodec.java:283)
at
org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec$StreamingCodec.readNamedList(JavaBinUpdateRequestCodec.java:236)
at
org.apache.solr.common.util.JavaBinCodec.readObject(JavaBinCodec.java:303)
at
org.apache.solr.common.util.JavaBinCodec.readVal(JavaBinCodec.java:283)
at
org.apache.solr.common.util.JavaBinCodec.unmarshal(JavaBinCodec.java:196)
at
org.apache.solr.client.solrj.request.JavaBinUpdateRequestCodec.unmarshal(JavaBinUpdateRequestCodec.java:127)
at
org.apache.solr.handler.loader.JavabinLoader.parseAndLoadDocs(JavabinLoader.java:122)
at
org.apache.solr.handler.loader.JavabinLoader.load(JavabinLoader.java:70)
at
org.apache.solr.handler.UpdateRequestHandler$1.load(UpdateRequestHandler.java:97)
at
org.apache.solr.handler.ContentStreamHandlerBase.handleRequestBody(ContentStreamHandlerBase.java:68)
at
org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:211)
at org.apache.solr.core.SolrCore.execute(SolrCore.java:2596)
at
org.apache.solr.servlet.HttpSolrCall.execute(HttpSolrCall.java:802)
at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:579)
at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:420)
at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:352)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)
at
org.eclipse.jetty.server.handler.InetAccessHandler.handle(InetAccessHandler.java:177)
at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)