| commit | 2018165ce12bc0808d1d396a2960ca15914bdf26 | [log] [tgz] |
|---|---|---|
| author | Houston Putman <houston@apache.org> | Mon May 16 16:20:00 2022 -0400 |
| committer | Houston Putman <houston@apache.org> | Mon May 16 16:21:50 2022 -0400 |
| tree | 5c5c4cb9f093bbd65f1d2b36789c756889b06ae4 | |
| parent | 8b033070ba5491f8a532e227347643df14fa3e9d [diff] |
Even more fixes for (#5) Testing out that this works on #5 another#423 should not be affected Also #3 and #2
Some Docker images were vulnerable to one of a pair of vulnerabilities in Log4J 2. But we have mitigated supported images (and some others) and re-published them. You may need to re-pull the image you are using. For those images prior to 8.11.1, Solr is using a popular technique to mitigate the problem -- setting log4j2.formatMsgNoLookups. The Solr maintainers have deemed this adequate based specifically on how Solr uses logging; it won‘t be adequate for all projects that use Log4J. canning software might alert you to the presence of an older Log4J JAR file, however it can’t know if your software (Solr) uses the artifacts in a vulnerable way. To validate the mitigation being in place, look for -Dlog4j2.formatMsgNoLookups in the Args section of Solr's front admin screen. As of Solr 9.0.0, Solr is using Log4J 2.17.1.
References:
Dockerfile linksSee Docker Hub for a list of image tags available to pull. Note that the Apache Solr project doesn't actually support any releases older than the current major release series, despite whatever tags are published.
For more information about this image and its history and all currently supported tags, please see the relevant manifest file (library/solr). This image is updated via pull requests to the apache/solr-docker GitHub repo. However, the Dockerfiles are generated from official Apache Solr releases. See the apache/solr Github repo for more information on how the Docker image is created, maintained and tested.
Apache Solr is highly reliable, scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, centralized configuration and more. Solr powers the search and navigation features of many of the world's largest internet sites.
Learn more on Solr's homepage and in the Solr Reference Guide.
For information on using the tags 9.0.0 and above, please refer to the Docker section in the Solr reference guide.
For information on using tags 8 and before, please refer to the docker-solr repository.
This repository is available on github.com/apache/solr-docker, and the official build is on the Docker Hub.
Solr is licensed under the Apache License, Version 2.0.
This repository is licensed under the Apache License, Version 2.0.
Copyright 2015-2022 The Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Please report issues with this docker image on via Apache Solr JIRA. But please first reach out via the users@solr mailing list linked in the community information below.
For general questions about Solr, see the Community information, in particular the users@solr mailing list.
If you want to contribute to Solr, see the How To Contribute.
This project was started in 2015 by Martijn Koster. In 2019 maintainership and copyright was transferred to the Apache Lucene/Solr project. Many thanks to Martijn for all your contributions over the years!