You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Mark Miller <ma...@apache.org> on 2014/12/29 20:13:11 UTC
[ANNOUNCE] Apache Solr 4.10.3 released
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
December 2014, Apache Solr™ 4.10.3 available
The Lucene PMC is pleased to announce the release of Apache Solr 4.10.3
Solr is the popular, blazing fast, open source NoSQL search platform
from the Apache Lucene project. Its major features include powerful
full-text search, hit highlighting, faceted search, dynamic
clustering, database integration, rich document (e.g., Word, PDF)
handling, and geospatial search. Solr is highly scalable, providing
fault tolerant distributed search and indexing, and powers the search
and navigation features of many of the world's largest internet sites.
Solr 4.10.3 is available for immediate download at:
http://lucene.apache.org/solr/mirrors-solr-latest-redir.html
Solr 4.10.3 includes 21 bug fixes, as well as Lucene 4.10.3 and its 12
bug fixes.
This release fixes the following security vulnerability that has
affected Solr since the Solr 4.0 Alpha release.
CVE-2014-3628: Stored XSS vulnerability in Solr Admin UI.
Information disclosure: The Solr Admin UI Plugin / Stats page does not
escape data values which allows an attacker to execute javascript by
executing a query that will be stored and displayed via the
'fieldvaluecache' object.
See the CHANGES.txt file included with the release for a full list of
changes and further details.
Please report any feedback to the mailing lists
(http://lucene.apache.org/solr/discussion.html)
Note: The Apache Software Foundation uses an extensive mirroring
network for distributing releases. It is possible that the mirror you
are using may not have replicated the release yet. If that is the
case, please try another mirror. This also goes for Maven access.
Happy Holidays,
Mark Miller
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUoafHAAoJED+/0YJ4eWrIZiMP/0mbISJXMyLXa6LfFRe0EWco
uXZNPGnHvwxR+5t9d8YpT0lquUab54VBSUB4JbyGIH9xbXLvTvRMhZGQVLgaD0VZ
zbIUOuSW7YyrT7yIVv4Rzd5/WiuVPMxPQfOHaGnQC6wMDozk4DN74QJuJ9CmnoQJ
im3xuovQxxxT1iLL0ECHgKtpPo+Kqhw0uR4RGBXPIdZS96c+bfiEEcU0lOdKTZaZ
HhmvimuyAIrRIRSPih1bvsBMih24RMEG5S7oxW4uVbrQti5t1ntV7Zpr8HgIYfa1
5AwPlLF7ENMGebe0Nryzy4fOfODpGdirehTZMPy2ZCAa2ucjmNSJCYVWm3MKi0Tl
P7rbqitWRjILURtDvyI9hPSGrY0wLoOc27ZJ41JQDNJsP7jh0HFVkHnKSFPOI+oI
6Ahw97xsirQSyNI2KK/v4ISPZfjW+PM8r5XCRcHaoexNqyn6Zpov2+0EJdusXwyJ
FUvGhE2o8ORR3typP3mssaENinTsCsIPtUIdrmL7Zdb0/DmvLU9yYeckNvb0InBC
x332tn+li74n5rfrCjlKruUbq2R6JeZSzPr/WclditSFJMOUGVZBxlsRAQdv2Zbp
/LCekZnxZyQG/QrYWQdZFbbcT8jvQUc9djr8FIeUiULe/6a9iBscFjJP/QnDmUFM
MEX/wBc01eTOn6cLCNYw
=g2EG
-----END PGP SIGNATURE-----