Re: Zookeeper and Solr and CVE-2021-44228

2021-12-15 Thread Jan Høydahl
To unsubscribe, see https://solr.apache.org/community.html#mailing-lists-chat Jan > On 15 Dec 2021, at 04:30, John Eberly wrote: > > unsubscribe > > > On Mon, Dec 13, 2021 at 8:53 AM Walter Underwood wrote: > >> Zookeeper 3.5.7 uses log4j 1.x, so is not vulnerable. I checked. >> >> wunder

Read-only user in solr not working as expected

2021-12-15 Thread Martin Schober
Dear Solr community, I would like to create two users in Solr: an admin and a dev. The dev should not be able to edit the Solr metadata. This user should not be able to use solr.add or solr.delete; I would like him only to be able to use solr.search for our metadata solr-core (in Python pysolr)

Using join queries with synchronous filterCache is not supported

2021-12-15 Thread Jens Viebig
Hi List, Since upgrading from solr 8.8.2 to 8.11.0 we get the following error message: Using join queries with synchronous filterCache is not supported! Details can be found in Solr Reference Guide under 'query-settings-in-solrconfig'. Looking at the commit history this was recently added: https

Re: Using join queries with synchronous filterCache is not supported

2021-12-15 Thread Mikhail Khludnev
Hello, Jens. Have you considered turning async=true for the cache? On Wed, Dec 15, 2021 at 1:49 PM Jens Viebig wrote: > Hi List, > Since upgrading from solr 8.8.2 to 8.11.0 we get the following error > message: > > Using join queries with synchronous filterCache is not supported! Details > can b

Log4J saga (CVE-2021-45046)

2021-12-15 Thread e_briere
Hi all, Looks like we are not done with log4j security problems. Someone has recommendations about CVE-2021-45046? Eric Briere

Re: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Bernd Fehling
Isn't the example with "zip -q -d ..." as reported in the CVE not working for you? Regards Bernd On 15.12.21 at 13:40, e_bri...@videotron.ca wrote: Hi all, Looks like we are not done with log4j security problems. Someone has recommendations about CVE-2021-45046? Eric Briere

Re: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Rahul Goswami
We just upgraded to log4j2-2.16. It disables jndi lookups altogether by default. -Rahul On Wed, Dec 15, 2021 at 7:40 AM wrote: > Hi all, > > Looks like we are not done with log4j security problems. Someone has > recommendations about CVE-2021-45046? > > Eric Briere >

AW: Using join queries with synchronous filterCache is not supported

2021-12-15 Thread Jens Viebig
Thanks. We still used LRUCache in our config, which seems to be deprecated; updating the config to use CaffeineCache seems to do the trick. Best Regards Jens Viebig

AW: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Jens Viebig
Is there already an idea when 8.11.1 is supposed to be released? Jens Viebig

Does Solr 3.6.1 support FIPS 140-2

2021-12-15 Thread Steven White
Hi everyone, Does anyone know if Solr 3.6.1 supports FIPS 140-2? Thanks Steve

Re: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Andy Lester
> > Is there already an Idea when 8.11.1 is supposed to be released ? This was discussed yesterday. Check the archives for the full explanation. Short version: can’t give a definite date but it will be no sooner than a week from now.

Re: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Thomas Corthals
Keep in mind that you can have more than one log4j-core-*.jar to patch. In my case: /opt/solr-8.4.0/server/lib/ext/log4j-core-2.11.2.jar /opt/solr-8.4.0/contrib/prometheus-exporter/lib/log4j-core-2.11.2.jar Thomas Written on Wed, 15 Dec 2021 at 13:52 by Bernd Fehling < bernd.fehl...@uni-bielefeld.de

Query on CVE-2021-45046

2021-12-15 Thread Soh Jia Yu, Eunice
Hi, We've implemented this step "Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class" from https://logging.apache.org/log4j/2.x/security.html for /server/lib/ext. We would like to check if /contrib/promet

Re: running Solr 6.6 with OpenJDK 11?

2021-12-15 Thread Shawn Heisey
On 12/15/21 12:57 AM, Bernd Fehling wrote: To get away from the Oracle License by switching from Java 8 to OpenJDK 8, do you have any observations or measurements? What I have seen says that OpenJDK 8 is solid.  In the last few years, I have not had first-hand access to large-scale Solr insta

Re: Query on CVE-2021-45046

2021-12-15 Thread Shawn Heisey
On 12/14/21 10:55 PM, Soh Jia Yu, Eunice wrote: We've implemented this step "Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class" from https://logging.apache.org/log4j/2.x/security.html for /server/lib/ext.

Re: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Walter Underwood
That is fixed in log4j 2.16.0, included in Solr 8.11.1. wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On Dec 15, 2021, at 4:40 AM, e_bri...@videotron.ca wrote: > > Hi all, > > Looks like we are not done with log4j security problems. Someone has > re

Re: Query on CVE-2021-45046

2021-12-15 Thread Ing. Andrea Vettori
Hello, is it safe to simply replace the jars in the solr lib/ext folder with version 2.16 or are they hardcoded in scripts or meta-inf files? Thanks — Ing. Andrea Vettori Head of Information Systems B2BIres s.r.l. > On 15 Dec 2021, at 17:32, Shawn Heisey wrote: > > On 12/14/21 10:55 PM,

Re: Query on CVE-2021-45046

2021-12-15 Thread Shawn Heisey
On 12/15/21 9:41 AM, Ing. Andrea Vettori wrote: Hello, is it safe to simply replace the jars in the solr lib/ext folder with version 2.16 or are they hardcoded in scripts or meta-inf files? This appears to work correctly if the original version of log4j included was 2.14.1. I have done thi

Re: Does Solr 3.6.1 support FIPS 140-2

2021-12-15 Thread Shawn Heisey
On 12/15/21 7:01 AM, Steven White wrote: Does anyone know if Solr 3.6.1 supports FIPS 140-2? Solr 3.6.1 was announced on July 22, 2012.  Over nine years ago. At that time, Solr itself didn't have any kind of encryption capability.  If you want to enable encryption for that version of Solr, yo

Re: running Solr 6.6 with OpenJDK 11?

2021-12-15 Thread Shawn Heisey
On 12/15/21 9:14 AM, Shawn Heisey wrote: I am in the process of downloading 6.6.6 so I can do some testing.  Transfer speed from archive.apache.org is terrible, I should be done with the download in about 15 minutes. Out of the box, Solr 6.6.6 refuses to start with Java 11.  It actually r

Re: running Solr 6.6 with OpenJDK 11?

2021-12-15 Thread dmitri maziuk
On 2021-12-15 11:06 AM, Shawn Heisey wrote: ... I did an experiment, replacing the bin/solr script in 6.6.6 with the bin/solr script from 8.11.0 ... although I have not done extensive testing, this appears to work.  It was able to start Solr, and was also able to start the cloud example, with "

Re: Query on CVE-2021-45046

2021-12-15 Thread Alessandro Benedetti
I would also encourage you to do the upgrade first on QA/Staging rather than directly on production, where possible. This could prevent nasty binary incompatibilities where the Solr build expects certain methods from the compiled log4j library, that mismatch with the upgraded jar. And a crashed off

Log4J saga (CVE-2021-45046)

2021-12-15 Thread Scott Derrick
I find these files in my solr install ./server/lib/ext/log4j-core-2.11.0.jar ./server/lib/ext/log4j-1.2-api-2.11.0.jar ./server/lib/ext/log4j-api-2.11.0.jar ./server/lib/ext/log4j-slf4j-impl-2.11.0.jar ./contrib/prometheus-exporter/lib/log4j-core-2.11.0.jar ./contrib/prometheus-exporter/lib/log4j

Re: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Mike Drob
That should be sufficient based on our current understanding of the situation, yes. On Wed, Dec 15, 2021 at 12:53 PM Scott Derrick wrote: > I find these files in my solr install > > ./server/lib/ext/log4j-core-2.11.0.jar > ./server/lib/ext/log4j-1.2-api-2.11.0.jar > ./server/lib/ext/log4j-api-2.

Re: Log4J saga (CVE-2021-45046)

2021-12-15 Thread Shawn Heisey
On 12/15/21 11:53 AM, Scott Derrick wrote: I find these files in my solr install ./server/lib/ext/log4j-core-2.11.0.jar ./server/lib/ext/log4j-1.2-api-2.11.0.jar ./server/lib/ext/log4j-api-2.11.0.jar ./server/lib/ext/log4j-slf4j-impl-2.11.0.jar ./contrib/prometheus-exporter/lib/log4j-core-2.11.0