| <!doctype html> |
| <html> |
| <head> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE- 2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <link href="/theme/css/lucene/global.css?v=0e493d7a" rel="stylesheet" type="text/css"> |
| |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/> |
| <meta name="Distribution" content="Global"/> |
| <meta name="Robots" content="index,follow"/> |
| |
| <script type="text/javascript" src="/theme/javascript/lucene/prototype.js?v=0e493d7a"></script> |
| <script type="text/javascript" src="/theme/javascript/lucene/effects.js?v=0e493d7a"></script> |
| <script type="text/javascript" src="/theme/javascript/lucene/slides.js?v=0e493d7a"></script> |
| <script src="https://www.apachecon.com/event-images/snippet.js"></script> <title>Apache Lucene - Lucene™ Project News</title> |
| <meta name="keywords" |
| content="apache, apache lucene, apache solr, solr, lucene |
| search, information retrieval, spell checking, faceting, inverted index, |
| open source"/> <meta property="og:type" content="website" /> |
| <meta property="og:url" content="https://lucene.apache.org/news.html"/> |
| <meta property="og:title" content="Lucene™ Project News"/> |
| <meta property="og:description" content="You may also read Lucene news as ATOM feeds: TLP news feed. All news feed. Lucene core news feed."/> |
| <meta property="og:image" content="https://lucene.apache.org/theme/images/lucene/lucene_og_image.png?v=0e493d7a"/> |
| <meta property="og:image:secure_url" content="https://lucene.apache.org/theme/images/lucene/lucene_og_image.png?v=0e493d7a"/> |
| <link rel="shortcut icon" type="image/png" |
| href="/theme/images/lucene/lucene-favicon.png?v=0e493d7a"/> </head> |
| <body id="home"> |
| <div id="wrap"> |
| <div id="header"> |
| <div id="logo" style="float:left"> |
| <a href="/"> |
| <img border="0" src="/theme/images/lucene/lucene_logo_green_300.png?v=0e493d7a" alt="Lucene Logo"/> |
| </a> |
| </div> |
| <!-- TODO: Search disabled as it does not work, 2021-02-21 |
| <div id="search" style="float:right;zoom:1"> |
| <form id="quick-search" method="GET" action="https://sematext.com/opensee/lucene" name="searchform"> |
| <fieldset> |
| <input type="search" id="q" name="q" placeholder="Search with Apache Solr..." class="class1 class2 hint" accesskey="q"> |
| </fieldset> |
| </form> |
| </div>--> |
| <div id="nav"> |
| <ul> |
| <li><a href="/core/">Core (Java)</a></li> |
| <li><a class="last" href="/pylucene/index.html">PyLucene</a></li> |
| </ul> |
| </div> |
| |
| <div id="slides"> |
| <div class="slideshow" id="mantleSlides"> |
| <div id="slide1" > |
| <div class="callout"> |
| Ultra-fast Search Library<br/> |
| </div> |
| <div class="descwrapper"><div class="description"> |
| Apache Lucene set the standard for search and indexing performance. |
| Lucene is the search core of both Apache Solr™ and Elasticsearch™. |
| </div></div> |
| <div class="mantle"> |
| <img alt="Apache Lucene" src="/theme/images/lucene/tlp/mantle-lucene.png?v=0e493d7a"/> |
| </div> |
| </div> |
| <div id="slide2" style="display:none"> |
| <div class="callout"> |
| Proven search capabilities<br/> |
| </div> |
| <div class="descwrapper"><div class="description"> |
| Our core algorithms along with the Solr search server power applications the world over, ranging |
| from mobile devices to sites like Twitter, Apple and Wikipedia. |
| </div></div> |
| <div class="mantle"> |
| <img alt="Lucene Power" src="/theme/images/lucene/mantle-power.png?v=0e493d7a"/> |
| </div> |
| </div> |
| <div id="slide3" style="display:none"> |
| <div class="callout"> |
| Large, Vibrant community |
| </div> |
| <div class="descwrapper"><div class="description"> |
| The goal of Apache Lucene is to provide world class search capabilities |
| </div></div> |
| <div class="mantle"> |
| <img alt="Apache Mahout community" src="/theme/images/lucene/tlp/mantle-community.png?v=0e493d7a"/> |
| </div> |
| </div> |
| <div id="slide4" style="display:none"> |
| <div class="callout"> |
| Apache 2.0 licensed |
| </div> |
| <div class="descwrapper"><div class="description"> |
| Apache Lucene is distributed under a commercially friendly Apache Software license |
| </div></div> |
| <div class="mantle"> |
| <img alt="Apache Software Foundation" src="/theme/images/lucene/mantle-asf.png?v=0e493d7a"/> |
| </div> |
| </div> </div> |
| <div class="controls"> |
| <a class="next" id="next" title="Next" href="#">Next</a> |
| <a class="previous" id="previous" title="Previous" href="#">Previous</a> |
| <a class="start" id="start" title="Start" href="#" style="display: none; ">Start</a> |
| <a class="stop" id="stop" title="Stop" href="#">Stop</a> |
| </div> |
| |
| <script type="text/javascript"> |
| function StartSlides() { |
| new Slides('mantleSlides'); |
| } |
| document.observe('dom:loaded', StartSlides); |
| </script> |
| </div> <!-- End #slides --> |
| </div> <!-- End #header --> |
| |
| <div id="content-wrap" class="clearfix"> |
| <div id="main"> |
| <div> |
| <h1 class="title">Lucene™ Project News</h1> |
| <p>You may also read Lucene news as ATOM feeds:</p> |
| <ul> |
| <li><a href="/feeds/news.atom.xml">TLP news feed</a>.</li> |
| <li><a href="/feeds/all.atom.xml">All news feed</a>.</li> |
| <li><a href="/feeds/core/news.atom.xml">Lucene core news feed</a>.</li> |
| </ul> |
| </div> |
| |
| <div> |
| <h2 id="new-mailing-lists"> |
| 6 September 2019 - New mailing lists |
| <a class="headerlink" href="#new-mailing-lists" title="Permanent link">¶</a> |
| </h2> |
| <p>The Lucene project has added two new announce mailing lists, <code>issues@lucene.apache.org</code> and <code>builds@lucene.apache.org</code>. |
| High-volume automated emails from our bug tracker, JIRA and GitHub will be moved from the <code>dev@</code> list to <code>issues@</code> and |
| automated emails from our Jenkins CI build servers will be moved from the <code>dev@</code> list to <code>builds@</code>.</p> |
| <p>This is an effort to reduce the sometimes overwhelming email volume on our main development mailing list and thus make it |
| easier for the community to follow important discussions by humans on the <code>dev@lucene.apache.org</code> list.</p> |
| <p>Everyone who wants to continue receiving these automated emails should sign up for one or both of the two new lists. |
| Sign-up instructions can be found on the <a href="https://lucene.apache.org/core/discussion.html">Lucene-java</a> |
| and <a href="https://lucene.apache.org/solr/community.html#mailing-lists-irc">Solr</a> web sites.</p> |
| <h2 id="please-secure-your-apache-solr-servers-since-a-zero-day-exploit-has-been-reported-on-a-public-mailing-list"> |
| 12 October 2017 - Please secure your Apache Solr servers since a zero-day exploit has been reported on a public mailing list |
| <a class="headerlink" href="#please-secure-your-apache-solr-servers-since-a-zero-day-exploit-has-been-reported-on-a-public-mailing-list" title="Permanent link">¶</a> |
| </h2> |
| <p>Please secure your Solr servers since a zero-day exploit has been |
| reported on a <a href="https://s.apache.org/FJDl">public mailing list</a>. |
| This has been assigned a public CVE (CVE-2017-12629) which we |
| will reference in future communication about resolution and mitigation |
| steps.</p> |
| <p>Here is what we're recommending and what we're doing now:</p> |
| <ul> |
| <li> |
| <p>Until fixes are available, all Solr users are advised to restart their |
| Solr instances with the system parameter <code>-Ddisable.configEdit=true</code>. |
| This will disallow any changes to be made to configurations via the |
| Config API. This is a key factor in this vulnerability, since it allows |
| GET requests to add the RunExecutableListener to the config. This is |
| sufficient to protect you from this type of attack, but means you cannot |
| use the edit capabilities of the Config API until the other fixes |
| described below are in place. Users are also advised to remap |
| the XML Query Parser to another parser to mitigate the XXE |
| vulnerability. For example, adding the following to the solrconfig.xml |
| file maps the <code>xmlparser</code> to the <code>edismax</code> parser: |
| <code><queryParser name="xmlparser" class="solr.ExtendedDismaxQParserPlugin"/></code>.</p> |
| </li> |
| <li> |
| <p>A new release of Lucene/Solr was in the vote phase, but we have now |
| pulled it back to be able to address these issues in the upcoming 7.1 |
| release. We will also determine mitigation steps for users on earlier |
| versions, which may include a 6.6.2 release for users still on 6.x.</p> |
| </li> |
| <li> |
| <p>The RunExecutableListener will be removed in 7.1. It was previously |
| used by Solr for index replication but has been replaced and is no |
| longer needed.</p> |
| </li> |
| <li> |
| <p>The XML Parser will be fixed and the fixes will be included in the 7.1 |
| release.</p> |
| </li> |
| <li> |
| <p>The 7.1 release was already slated to include a change to disable the |
| <code>stream.body</code> parameter by default, which will further help protect |
| systems.</p> |
| </li> |
| </ul> |
| <h2 id="recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations"> |
| 18 August 2014 - Recommendation to update Apache POI in Apache Solr 4.8.0, 4.8.1, and 4.9.0 installations |
| <a class="headerlink" href="#recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations" title="Permanent link">¶</a> |
| </h2> |
| <p>Apache Solr versions 4.8.0, 4.8.1, 4.9.0 bundle Apache POI 3.10-beta2 with its binary release tarball. |
| This version (and all previous ones) of Apache POI are vulnerable to the following issues: |
| CVE-2014-3529 <em>(XML External Entity (XXE) problem in Apache POI's OpenXML parser)</em>, |
| CVE-2014-3574 <em>(XML Entity Expansion (XEE) problem in Apache POI's OpenXML parser)</em>.</p> |
| <p>The Apache POI PMC released a bugfix version (3.10.1) today.</p> |
| <p>Solr users are affected by these issues, if they enable the "Apache Solr Content Extraction Library (Solr Cell)" |
| contrib module from the folder "contrib/extraction" of the release tarball.</p> |
| <p>Users of Apache Solr are strongly advised to keep the module disabled if they don't use it. |
| Alternatively, users of Apache Solr 4.8.0, 4.8.1, or 4.9.0 can update the affected libraries by |
| replacing the vulnerable JAR files in the distribution folder. Users of previous versions have |
| to update their Solr release first, patching older versions is impossible.</p> |
| <p>For detailed instructions, see <a href="/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations">Solr's News</a></p> |
| <h2 id="open-relevance-sub-project-closed"> |
| 11 June 2014 - Open Relevance sub-project closed |
| <a class="headerlink" href="#open-relevance-sub-project-closed" title="Permanent link">¶</a> |
| </h2> |
| <p>The Apache Lucene Project Management Committee decided in a vote, |
| that the Apache Lucene sub-project "Open Relevance" will be discontinued. There was only modest activity during the last |
| years and the project made no releases. Thank you to all committers for their support in this project!</p> |
| <h2 id="apache-lucene-48-and-apache-solr-48-will-require-java-7"> |
| 12 March 2014 - Apache Lucene 4.8 and Apache Solr 4.8 will require Java 7 |
| <a class="headerlink" href="#apache-lucene-48-and-apache-solr-48-will-require-java-7" title="Permanent link">¶</a> |
| </h2> |
| <p>The Apache Lucene/Solr committers decided with a large majority on the vote to require <strong>Java 7</strong> for the next minor release of Apache Lucene and Apache Solr (version 4.8)!</p> |
| <p>The next release will also contain some improvements for Java 7:</p> |
| <ul> |
| <li> |
| <p>Better file handling (especially on Windows) in the directory implementations. Files can now be deleted on windows, although the index is still open - like it was always possible on Unix environments (delete on last close semantics).</p> |
| </li> |
| <li> |
| <p>Speed improvements in sorting comparators: Sorting now uses Java 7's own comparators for integer and long sorts, which are highly optimized by the Hotspot VM.</p> |
| </li> |
| </ul> |
| <p>If you want to stay up-to-date with Lucene and Solr, you should upgrade your infrastructure to Java 7. |
| Please be aware that you must use at least use Java 7u1. |
| The recommended version at the moment is Java 7u25. Later versions like 7u40, 7u45,... have a bug causing index corrumption. |
| Ideally use the Java 7u60 prerelease, which has fixed this bug. Once 7u60 is out, this will be the recommended version. |
| In addition, there is no more Oracle/BEA JRockit available for Java 7, use the official Oracle Java 7. |
| JRockit was never working correctly with Lucene/Solr (causing index corrumption), so this should not be an issue. |
| Please also review our list of JVM bugs: <a href="http://wiki.apache.org/lucene-java/JavaBugs">http://wiki.apache.org/lucene-java/JavaBugs</a></p> |
| <p><em>EDIT (as of 15 April 2014):</em> The recently released Java 7u55 fixes the above bug causing index corrumption. |
| This version is now the recommended version for running Apache Lucene and Solr.</p> |
| </div> |
| </div> |
| <div id="sidebar"> |
| <div class="button-green"> |
| <a href="/core/downloads.html">Download</a> |
| <div class="flap top">Click to</div> |
| <div class="flap bottom">Apache Lucene 9.10.0</div> |
| </div> |
| <div class="download-desc">Apache Lucene 9.10.0</div> |
| |
| <h1 id="projects">Projects<a class="headerlink" href="#projects" title="Permanent link">¶</a></h1> |
| <ul> |
| <li><a href="/core/">Lucene Core (Java)</a></li> |
| <li><a href="/pylucene/">PyLucene</a></li> |
| <li><a href="/openrelevance/">Open Relevance (Discontinued)</a></li> |
| </ul> |
| |
| <h1 id="about">About<a class="headerlink" href="#about" title="Permanent link">¶</a></h1> |
| <ul> |
| <li><a href="https://www.apache.org/licenses/">License</a></li> |
| <li><a href="/whoweare.html">Who We are</a></li> |
| <li><a href="/news.html">TLP News</a></li> |
| <li><a href="/code-of-conduct.html">Code of Conduct</a></li> |
| </ul> |
| |
| <h1 id="events">Events<a class="headerlink" href="#events" title="Permanent link">¶</a></h1> |
| <ul> |
| <a class="acevent" data-format="square" data-mode="light" data-width="160" data-style="border: 1px solid lightgrey"></a> |
| </ul> |
| |
| <h1 id="asf-links">ASF links<a class="headerlink" href="#asf-links" title="Permanent link">¶</a></h1> |
| <ul> |
| <li><a href="https://www.apache.org">Apache Software Foundation</a></li> |
| <li><a href="https://www.apache.org/foundation/thanks.html">Thanks</a></li> |
| <li><a href="https://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li> |
| <li><a href="https://www.apache.org/security/">Security</a></li> |
| </ul> |
| |
| <h1 id="editing-this-site">Editing This Site<a class="headerlink" href="#editing-this-site" title="Permanent link">¶</a></h1> |
| <ul> |
| <li><a href="site-instructions.html">Instructions</a></li> |
| <li><a href="http://daringfireball.net/projects/markdown/syntax">Markdown</a></li> |
| </ul> |
| |
| <h1 id="related-projects">Related Projects<a class="headerlink" href="#related-projects" title="Permanent link">¶</a></h1> |
| <ul> |
| <li><a href="https://solr.apache.org">Apache Solr</a></li> |
| <li><a href="http://hadoop.apache.org">Apache Hadoop</a></li> |
| <li><a href="http://manifoldcf.apache.org/">Apache ManifoldCF</a></li> |
| <li><a href="http://lucenenet.apache.org/">Apache Lucene.Net</a></li> |
| <li><a href="http://mahout.apache.org">Apache Mahout</a></li> |
| <li><a href="http://nutch.apache.org">Apache Nutch</a></li> |
| <li><a href="http://opennlp.apache.org/">Apache OpenNLP</a></li> |
| <li><a href="http://tika.apache.org">Apache Tika</a></li> |
| <li><a href="http://zookeeper.apache.org">Apache Zookeeper</a></li> |
| </ul> </div> |
| </div> <!-- End #content-wrap --> |
| |
| <div id="footer"> |
| <div class="copyright"> |
| <p> |
| Copyright © 2011-2024 The Apache Software Foundation, Licensed under |
| the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. <a href="/privacy.html">Privacy Policy</a> <br/> |
| Apache and the Apache feather logo are trademarks of The Apache Software Foundation. Apache Lucene, Apache Solr and their |
| respective logos are trademarks of the Apache Software Foundation. Please see the <a href="https://www.apache.org/foundation/marks/">Apache Trademark Policy</a> |
| for more information. |
| </p> |
| </div> |
| </div> </div> <!-- End #wrap --> |
| </body> |
| </html> |