[ANNOUNCE] Apache Solr 5.5.5 released

[Steve Rowe <sa...@gmail.com>]

24 October 2017, Apache Solr™ 5.5.5 available 

The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5. 

Solr is the popular, blazing fast, open source NoSQL search platform from the 
Apache Lucene project. Its major features include powerful full-text search, 
hit highlighting, faceted search and analytics, rich document parsing, 
geospatial search, extensive REST APIs as well as parallel SQL. Solr is 
enterprise grade, secure and highly scalable, providing fault tolerant 
distributed search and indexing, and powers the search and navigation features 
of many of the world's largest internet sites. 

This release contains one bugfix. 

This release includes one critical and one important security fix. Details: 

* Fix for a 0-day exploit (CVE-2017-12629), details: https://s.apache.org/FJDl. 
RunExecutableListener has been disabled by default (can be enabled by 
-Dsolr.enableRunExecutableListener=true) and resolving external entities in the 
XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by default. 

* Fix for CVE-2017-7660: Security Vulnerability in secure inter-node communication 
in Apache Solr, details: https://s.apache.org/APTY 

Furthermore, this release includes Apache Lucene 5.5.5 which includes one security 
fix since the 5.5.4 release. 

The release is available for immediate download at: 

http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5 

Please read CHANGES.txt for a detailed list of changes: 

https://lucene.apache.org/solr/5_5_5/changes/Changes.html 

Please report any feedback to the mailing lists 
(http://lucene.apache.org/solr/discussion.html) 

Note: The Apache Software Foundation uses an extensive mirroring 
network for distributing releases. It is possible that the mirror you 
are using may not have replicated the release yet. If that is the 
case, please try another mirror. This also goes for Maven access.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Erick Erickson <er...@gmail.com>]

Releasing something as far back as two major versions is rare, it's
got to be something critical. In this case a security issue.

It's only provided for people who are on 5x and cannot upgrade to
other versions of Solr that have the fix already.

Best,
Erick

On Tue, Oct 24, 2017 at 11:39 AM, Alexandre Rafalovitch
<ar...@gmail.com> wrote:
> Stay on Solr 7, that's the latest and greatest (well 7.1 is)
>
> 5.5.5 is a maintenance release due to the security issue.
>
> It is not just the tip of the spear, older releases sometimes get upgrades too.
>
> Regards,
>    Alex
> ----
> http://www.solr-start.com/ - Resources for Solr users, new and experienced
>
>
> On 24 October 2017 at 14:28, Moenieb Davids <mo...@gmail.com> wrote:
>> Hi Steve,
>>
>> I have just started with Solr 7.*, so I am a bit confused with 5.5.5, same
>> with lucene.
>> Also, the sites register versions 7.*,
>> Apologies for my ignorance if I had missed anything or do not have a proper
>> understanding of the version management
>>
>> Regards
>> Moenieb
>>
>> On Tue, Oct 24, 2017 at 6:27 PM, Steve Rowe <sa...@gmail.com> wrote:
>>
>>> Yes.
>>>
>>> --
>>> Steve
>>> www.lucidworks.com
>>>
>>> > On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com>
>>> wrote:
>>> >
>>> > Solr 5.5.5?
>>> >
>>> > On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
>>> >
>>> >> 24 October 2017, Apache Solr™ 5.5.5 available
>>> >>
>>> >> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>>> >>
>>> >> Solr is the popular, blazing fast, open source NoSQL search platform
>>> from
>>> >> the
>>> >> Apache Lucene project. Its major features include powerful full-text
>>> >> search,
>>> >> hit highlighting, faceted search and analytics, rich document parsing,
>>> >> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
>>> >> enterprise grade, secure and highly scalable, providing fault tolerant
>>> >> distributed search and indexing, and powers the search and navigation
>>> >> features
>>> >> of many of the world's largest internet sites.
>>> >>
>>> >> This release contains one bugfix.
>>> >>
>>> >> This release includes one critical and one important security fix.
>>> Details:
>>> >>
>>> >> * Fix for a 0-day exploit (CVE-2017-12629), details:
>>> >> https://s.apache.org/FJDl.
>>> >> RunExecutableListener has been disabled by default (can be enabled by
>>> >> -Dsolr.enableRunExecutableListener=true) and resolving external
>>> entities
>>> >> in the
>>> >> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
>>> >> default.
>>> >>
>>> >> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
>>> >> communication
>>> >> in Apache Solr, details: https://s.apache.org/APTY
>>> >>
>>> >> Furthermore, this release includes Apache Lucene 5.5.5 which includes
>>> one
>>> >> security
>>> >> fix since the 5.5.4 release.
>>> >>
>>> >> The release is available for immediate download at:
>>> >>
>>> >> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>>> >>
>>> >> Please read CHANGES.txt for a detailed list of changes:
>>> >>
>>> >> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>>> >>
>>> >> Please report any feedback to the mailing lists
>>> >> (http://lucene.apache.org/solr/discussion.html)
>>> >>
>>> >> Note: The Apache Software Foundation uses an extensive mirroring
>>> >> network for distributing releases. It is possible that the mirror you
>>> >> are using may not have replicated the release yet. If that is the
>>> >> case, please try another mirror. This also goes for Maven access.
>>>
>>>

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Alexandre Rafalovitch <ar...@gmail.com>]

Stay on Solr 7, that's the latest and greatest (well 7.1 is)

5.5.5 is a maintenance release due to the security issue.

It is not just the tip of the spear, older releases sometimes get upgrades too.

Regards,
   Alex
----
http://www.solr-start.com/ - Resources for Solr users, new and experienced


On 24 October 2017 at 14:28, Moenieb Davids <mo...@gmail.com> wrote:
> Hi Steve,
>
> I have just started with Solr 7.*, so I am a bit confused with 5.5.5, same
> with lucene.
> Also, the sites register versions 7.*,
> Apologies for my ignorance if I had missed anything or do not have a proper
> understanding of the version management
>
> Regards
> Moenieb
>
> On Tue, Oct 24, 2017 at 6:27 PM, Steve Rowe <sa...@gmail.com> wrote:
>
>> Yes.
>>
>> --
>> Steve
>> www.lucidworks.com
>>
>> > On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com>
>> wrote:
>> >
>> > Solr 5.5.5?
>> >
>> > On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
>> >
>> >> 24 October 2017, Apache Solr™ 5.5.5 available
>> >>
>> >> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>> >>
>> >> Solr is the popular, blazing fast, open source NoSQL search platform
>> from
>> >> the
>> >> Apache Lucene project. Its major features include powerful full-text
>> >> search,
>> >> hit highlighting, faceted search and analytics, rich document parsing,
>> >> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
>> >> enterprise grade, secure and highly scalable, providing fault tolerant
>> >> distributed search and indexing, and powers the search and navigation
>> >> features
>> >> of many of the world's largest internet sites.
>> >>
>> >> This release contains one bugfix.
>> >>
>> >> This release includes one critical and one important security fix.
>> Details:
>> >>
>> >> * Fix for a 0-day exploit (CVE-2017-12629), details:
>> >> https://s.apache.org/FJDl.
>> >> RunExecutableListener has been disabled by default (can be enabled by
>> >> -Dsolr.enableRunExecutableListener=true) and resolving external
>> entities
>> >> in the
>> >> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
>> >> default.
>> >>
>> >> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
>> >> communication
>> >> in Apache Solr, details: https://s.apache.org/APTY
>> >>
>> >> Furthermore, this release includes Apache Lucene 5.5.5 which includes
>> one
>> >> security
>> >> fix since the 5.5.4 release.
>> >>
>> >> The release is available for immediate download at:
>> >>
>> >> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>> >>
>> >> Please read CHANGES.txt for a detailed list of changes:
>> >>
>> >> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>> >>
>> >> Please report any feedback to the mailing lists
>> >> (http://lucene.apache.org/solr/discussion.html)
>> >>
>> >> Note: The Apache Software Foundation uses an extensive mirroring
>> >> network for distributing releases. It is possible that the mirror you
>> >> are using may not have replicated the release yet. If that is the
>> >> case, please try another mirror. This also goes for Maven access.
>>
>>

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Moenieb Davids <mo...@gmail.com>]

Hi Steve,

I have just started with Solr 7.*, so I am a bit confused with 5.5.5, same
with lucene.
Also, the sites register versions 7.*,
Apologies for my ignorance if I had missed anything or do not have a proper
understanding of the version management

Regards
Moenieb

On Tue, Oct 24, 2017 at 6:27 PM, Steve Rowe <sa...@gmail.com> wrote:

> Yes.
>
> --
> Steve
> www.lucidworks.com
>
> > On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com>
> wrote:
> >
> > Solr 5.5.5?
> >
> > On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
> >
> >> 24 October 2017, Apache Solr™ 5.5.5 available
> >>
> >> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
> >>
> >> Solr is the popular, blazing fast, open source NoSQL search platform
> from
> >> the
> >> Apache Lucene project. Its major features include powerful full-text
> >> search,
> >> hit highlighting, faceted search and analytics, rich document parsing,
> >> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
> >> enterprise grade, secure and highly scalable, providing fault tolerant
> >> distributed search and indexing, and powers the search and navigation
> >> features
> >> of many of the world's largest internet sites.
> >>
> >> This release contains one bugfix.
> >>
> >> This release includes one critical and one important security fix.
> Details:
> >>
> >> * Fix for a 0-day exploit (CVE-2017-12629), details:
> >> https://s.apache.org/FJDl.
> >> RunExecutableListener has been disabled by default (can be enabled by
> >> -Dsolr.enableRunExecutableListener=true) and resolving external
> entities
> >> in the
> >> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
> >> default.
> >>
> >> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> >> communication
> >> in Apache Solr, details: https://s.apache.org/APTY
> >>
> >> Furthermore, this release includes Apache Lucene 5.5.5 which includes
> one
> >> security
> >> fix since the 5.5.4 release.
> >>
> >> The release is available for immediate download at:
> >>
> >> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
> >>
> >> Please read CHANGES.txt for a detailed list of changes:
> >>
> >> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
> >>
> >> Please report any feedback to the mailing lists
> >> (http://lucene.apache.org/solr/discussion.html)
> >>
> >> Note: The Apache Software Foundation uses an extensive mirroring
> >> network for distributing releases. It is possible that the mirror you
> >> are using may not have replicated the release yet. If that is the
> >> case, please try another mirror. This also goes for Maven access.
>
>

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Moenieb Davids <mo...@gmail.com>]

Hi Steve,

I have just started with Solr 7.*, so I am a bit confused with 5.5.5, same
with lucene.
Also, the sites register versions 7.*,
Apologies for my ignorance if I had missed anything or do not have a proper
understanding of the version management

Regards
Moenieb

On Tue, Oct 24, 2017 at 6:27 PM, Steve Rowe <sa...@gmail.com> wrote:

> Yes.
>
> --
> Steve
> www.lucidworks.com
>
> > On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com>
> wrote:
> >
> > Solr 5.5.5?
> >
> > On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
> >
> >> 24 October 2017, Apache Solr™ 5.5.5 available
> >>
> >> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
> >>
> >> Solr is the popular, blazing fast, open source NoSQL search platform
> from
> >> the
> >> Apache Lucene project. Its major features include powerful full-text
> >> search,
> >> hit highlighting, faceted search and analytics, rich document parsing,
> >> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
> >> enterprise grade, secure and highly scalable, providing fault tolerant
> >> distributed search and indexing, and powers the search and navigation
> >> features
> >> of many of the world's largest internet sites.
> >>
> >> This release contains one bugfix.
> >>
> >> This release includes one critical and one important security fix.
> Details:
> >>
> >> * Fix for a 0-day exploit (CVE-2017-12629), details:
> >> https://s.apache.org/FJDl.
> >> RunExecutableListener has been disabled by default (can be enabled by
> >> -Dsolr.enableRunExecutableListener=true) and resolving external
> entities
> >> in the
> >> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
> >> default.
> >>
> >> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> >> communication
> >> in Apache Solr, details: https://s.apache.org/APTY
> >>
> >> Furthermore, this release includes Apache Lucene 5.5.5 which includes
> one
> >> security
> >> fix since the 5.5.4 release.
> >>
> >> The release is available for immediate download at:
> >>
> >> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
> >>
> >> Please read CHANGES.txt for a detailed list of changes:
> >>
> >> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
> >>
> >> Please report any feedback to the mailing lists
> >> (http://lucene.apache.org/solr/discussion.html)
> >>
> >> Note: The Apache Software Foundation uses an extensive mirroring
> >> network for distributing releases. It is possible that the mirror you
> >> are using may not have replicated the release yet. If that is the
> >> case, please try another mirror. This also goes for Maven access.
>
>

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Moenieb Davids <mo...@gmail.com>]

Hi Steve,

I have just started with Solr 7.*, so I am a bit confused with 5.5.5, same
with lucene.
Also, the sites register versions 7.*,
Apologies for my ignorance if I had missed anything or do not have a proper
understanding of the version management

Regards
Moenieb

On Tue, Oct 24, 2017 at 6:27 PM, Steve Rowe <sa...@gmail.com> wrote:

> Yes.
>
> --
> Steve
> www.lucidworks.com
>
> > On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com>
> wrote:
> >
> > Solr 5.5.5?
> >
> > On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
> >
> >> 24 October 2017, Apache Solr™ 5.5.5 available
> >>
> >> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
> >>
> >> Solr is the popular, blazing fast, open source NoSQL search platform
> from
> >> the
> >> Apache Lucene project. Its major features include powerful full-text
> >> search,
> >> hit highlighting, faceted search and analytics, rich document parsing,
> >> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
> >> enterprise grade, secure and highly scalable, providing fault tolerant
> >> distributed search and indexing, and powers the search and navigation
> >> features
> >> of many of the world's largest internet sites.
> >>
> >> This release contains one bugfix.
> >>
> >> This release includes one critical and one important security fix.
> Details:
> >>
> >> * Fix for a 0-day exploit (CVE-2017-12629), details:
> >> https://s.apache.org/FJDl.
> >> RunExecutableListener has been disabled by default (can be enabled by
> >> -Dsolr.enableRunExecutableListener=true) and resolving external
> entities
> >> in the
> >> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
> >> default.
> >>
> >> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> >> communication
> >> in Apache Solr, details: https://s.apache.org/APTY
> >>
> >> Furthermore, this release includes Apache Lucene 5.5.5 which includes
> one
> >> security
> >> fix since the 5.5.4 release.
> >>
> >> The release is available for immediate download at:
> >>
> >> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
> >>
> >> Please read CHANGES.txt for a detailed list of changes:
> >>
> >> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
> >>
> >> Please report any feedback to the mailing lists
> >> (http://lucene.apache.org/solr/discussion.html)
> >>
> >> Note: The Apache Software Foundation uses an extensive mirroring
> >> network for distributing releases. It is possible that the mirror you
> >> are using may not have replicated the release yet. If that is the
> >> case, please try another mirror. This also goes for Maven access.
>
>

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Steve Rowe <sa...@gmail.com>]

Yes.  

--
Steve
www.lucidworks.com

> On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com> wrote:
> 
> Solr 5.5.5?
> 
> On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
> 
>> 24 October 2017, Apache Solr™ 5.5.5 available
>> 
>> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>> 
>> Solr is the popular, blazing fast, open source NoSQL search platform from
>> the
>> Apache Lucene project. Its major features include powerful full-text
>> search,
>> hit highlighting, faceted search and analytics, rich document parsing,
>> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
>> enterprise grade, secure and highly scalable, providing fault tolerant
>> distributed search and indexing, and powers the search and navigation
>> features
>> of many of the world's largest internet sites.
>> 
>> This release contains one bugfix.
>> 
>> This release includes one critical and one important security fix. Details:
>> 
>> * Fix for a 0-day exploit (CVE-2017-12629), details:
>> https://s.apache.org/FJDl.
>> RunExecutableListener has been disabled by default (can be enabled by
>> -Dsolr.enableRunExecutableListener=true) and resolving external entities
>> in the
>> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
>> default.
>> 
>> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
>> communication
>> in Apache Solr, details: https://s.apache.org/APTY
>> 
>> Furthermore, this release includes Apache Lucene 5.5.5 which includes one
>> security
>> fix since the 5.5.4 release.
>> 
>> The release is available for immediate download at:
>> 
>> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>> 
>> Please read CHANGES.txt for a detailed list of changes:
>> 
>> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>> 
>> Please report any feedback to the mailing lists
>> (http://lucene.apache.org/solr/discussion.html)
>> 
>> Note: The Apache Software Foundation uses an extensive mirroring
>> network for distributing releases. It is possible that the mirror you
>> are using may not have replicated the release yet. If that is the
>> case, please try another mirror. This also goes for Maven access.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Steve Rowe <sa...@gmail.com>]

Yes.  

--
Steve
www.lucidworks.com

> On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com> wrote:
> 
> Solr 5.5.5?
> 
> On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
> 
>> 24 October 2017, Apache Solr™ 5.5.5 available
>> 
>> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>> 
>> Solr is the popular, blazing fast, open source NoSQL search platform from
>> the
>> Apache Lucene project. Its major features include powerful full-text
>> search,
>> hit highlighting, faceted search and analytics, rich document parsing,
>> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
>> enterprise grade, secure and highly scalable, providing fault tolerant
>> distributed search and indexing, and powers the search and navigation
>> features
>> of many of the world's largest internet sites.
>> 
>> This release contains one bugfix.
>> 
>> This release includes one critical and one important security fix. Details:
>> 
>> * Fix for a 0-day exploit (CVE-2017-12629), details:
>> https://s.apache.org/FJDl.
>> RunExecutableListener has been disabled by default (can be enabled by
>> -Dsolr.enableRunExecutableListener=true) and resolving external entities
>> in the
>> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
>> default.
>> 
>> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
>> communication
>> in Apache Solr, details: https://s.apache.org/APTY
>> 
>> Furthermore, this release includes Apache Lucene 5.5.5 which includes one
>> security
>> fix since the 5.5.4 release.
>> 
>> The release is available for immediate download at:
>> 
>> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>> 
>> Please read CHANGES.txt for a detailed list of changes:
>> 
>> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>> 
>> Please report any feedback to the mailing lists
>> (http://lucene.apache.org/solr/discussion.html)
>> 
>> Note: The Apache Software Foundation uses an extensive mirroring
>> network for distributing releases. It is possible that the mirror you
>> are using may not have replicated the release yet. If that is the
>> case, please try another mirror. This also goes for Maven access.

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Steve Rowe <sa...@gmail.com>]

Yes.  

--
Steve
www.lucidworks.com

> On Oct 24, 2017, at 12:25 PM, Moenieb Davids <mo...@gmail.com> wrote:
> 
> Solr 5.5.5?
> 
> On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:
> 
>> 24 October 2017, Apache Solr™ 5.5.5 available
>> 
>> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>> 
>> Solr is the popular, blazing fast, open source NoSQL search platform from
>> the
>> Apache Lucene project. Its major features include powerful full-text
>> search,
>> hit highlighting, faceted search and analytics, rich document parsing,
>> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
>> enterprise grade, secure and highly scalable, providing fault tolerant
>> distributed search and indexing, and powers the search and navigation
>> features
>> of many of the world's largest internet sites.
>> 
>> This release contains one bugfix.
>> 
>> This release includes one critical and one important security fix. Details:
>> 
>> * Fix for a 0-day exploit (CVE-2017-12629), details:
>> https://s.apache.org/FJDl.
>> RunExecutableListener has been disabled by default (can be enabled by
>> -Dsolr.enableRunExecutableListener=true) and resolving external entities
>> in the
>> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
>> default.
>> 
>> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
>> communication
>> in Apache Solr, details: https://s.apache.org/APTY
>> 
>> Furthermore, this release includes Apache Lucene 5.5.5 which includes one
>> security
>> fix since the 5.5.4 release.
>> 
>> The release is available for immediate download at:
>> 
>> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>> 
>> Please read CHANGES.txt for a detailed list of changes:
>> 
>> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>> 
>> Please report any feedback to the mailing lists
>> (http://lucene.apache.org/solr/discussion.html)
>> 
>> Note: The Apache Software Foundation uses an extensive mirroring
>> network for distributing releases. It is possible that the mirror you
>> are using may not have replicated the release yet. If that is the
>> case, please try another mirror. This also goes for Maven access.

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Moenieb Davids <mo...@gmail.com>]

Solr 5.5.5?

On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:

> 24 October 2017, Apache Solr™ 5.5.5 available
>
> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>
> Solr is the popular, blazing fast, open source NoSQL search platform from
> the
> Apache Lucene project. Its major features include powerful full-text
> search,
> hit highlighting, faceted search and analytics, rich document parsing,
> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
> enterprise grade, secure and highly scalable, providing fault tolerant
> distributed search and indexing, and powers the search and navigation
> features
> of many of the world's largest internet sites.
>
> This release contains one bugfix.
>
> This release includes one critical and one important security fix. Details:
>
> * Fix for a 0-day exploit (CVE-2017-12629), details:
> https://s.apache.org/FJDl.
> RunExecutableListener has been disabled by default (can be enabled by
> -Dsolr.enableRunExecutableListener=true) and resolving external entities
> in the
> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
> default.
>
> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> communication
> in Apache Solr, details: https://s.apache.org/APTY
>
> Furthermore, this release includes Apache Lucene 5.5.5 which includes one
> security
> fix since the 5.5.4 release.
>
> The release is available for immediate download at:
>
> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>
> Please read CHANGES.txt for a detailed list of changes:
>
> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>
> Please report any feedback to the mailing lists
> (http://lucene.apache.org/solr/discussion.html)
>
> Note: The Apache Software Foundation uses an extensive mirroring
> network for distributing releases. It is possible that the mirror you
> are using may not have replicated the release yet. If that is the
> case, please try another mirror. This also goes for Maven access.

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Moenieb Davids <mo...@gmail.com>]

Solr 5.5.5?

On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:

> 24 October 2017, Apache Solr™ 5.5.5 available
>
> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>
> Solr is the popular, blazing fast, open source NoSQL search platform from
> the
> Apache Lucene project. Its major features include powerful full-text
> search,
> hit highlighting, faceted search and analytics, rich document parsing,
> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
> enterprise grade, secure and highly scalable, providing fault tolerant
> distributed search and indexing, and powers the search and navigation
> features
> of many of the world's largest internet sites.
>
> This release contains one bugfix.
>
> This release includes one critical and one important security fix. Details:
>
> * Fix for a 0-day exploit (CVE-2017-12629), details:
> https://s.apache.org/FJDl.
> RunExecutableListener has been disabled by default (can be enabled by
> -Dsolr.enableRunExecutableListener=true) and resolving external entities
> in the
> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
> default.
>
> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> communication
> in Apache Solr, details: https://s.apache.org/APTY
>
> Furthermore, this release includes Apache Lucene 5.5.5 which includes one
> security
> fix since the 5.5.4 release.
>
> The release is available for immediate download at:
>
> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>
> Please read CHANGES.txt for a detailed list of changes:
>
> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>
> Please report any feedback to the mailing lists
> (http://lucene.apache.org/solr/discussion.html)
>
> Note: The Apache Software Foundation uses an extensive mirroring
> network for distributing releases. It is possible that the mirror you
> are using may not have replicated the release yet. If that is the
> case, please try another mirror. This also goes for Maven access.

Re: [ANNOUNCE] Apache Solr 5.5.5 released

[Moenieb Davids <mo...@gmail.com>]

Solr 5.5.5?

On 24 Oct 2017 17:34, "Steve Rowe" <sa...@gmail.com> wrote:

> 24 October 2017, Apache Solr™ 5.5.5 available
>
> The Lucene PMC is pleased to announce the release of Apache Solr 5.5.5.
>
> Solr is the popular, blazing fast, open source NoSQL search platform from
> the
> Apache Lucene project. Its major features include powerful full-text
> search,
> hit highlighting, faceted search and analytics, rich document parsing,
> geospatial search, extensive REST APIs as well as parallel SQL. Solr is
> enterprise grade, secure and highly scalable, providing fault tolerant
> distributed search and indexing, and powers the search and navigation
> features
> of many of the world's largest internet sites.
>
> This release contains one bugfix.
>
> This release includes one critical and one important security fix. Details:
>
> * Fix for a 0-day exploit (CVE-2017-12629), details:
> https://s.apache.org/FJDl.
> RunExecutableListener has been disabled by default (can be enabled by
> -Dsolr.enableRunExecutableListener=true) and resolving external entities
> in the
> XML query parser (defType=xmlparser or {!xmlparser ... }) is disabled by
> default.
>
> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> communication
> in Apache Solr, details: https://s.apache.org/APTY
>
> Furthermore, this release includes Apache Lucene 5.5.5 which includes one
> security
> fix since the 5.5.4 release.
>
> The release is available for immediate download at:
>
> http://www.apache.org/dyn/closer.lua/lucene/solr/5.5.5
>
> Please read CHANGES.txt for a detailed list of changes:
>
> https://lucene.apache.org/solr/5_5_5/changes/Changes.html
>
> Please report any feedback to the mailing lists
> (http://lucene.apache.org/solr/discussion.html)
>
> Note: The Apache Software Foundation uses an extensive mirroring
> network for distributing releases. It is possible that the mirror you
> are using may not have replicated the release yet. If that is the
> case, please try another mirror. This also goes for Maven access.