Commit Graph

255 Commits

Author SHA1 Message Date
Robert Muir 975df9ddd3
LUCENE-9182: add apache license headers to all .gradle files and enforce in rat task 2020-01-27 12:05:34 -05:00
Kevin Risden 9b6fc1b9fc
SOLR-14132: Upgrade Angular JS 1.3.8 to 1.7.9
* Upgrade Angular JS 1.3.8 to 1.7.9
* Upgrade Angular Chosen v1.3.0 and Chosen to v1.8.7
* Remove older jquery 1.7.2 version
* Remove non minified Angular JS files

Closes #1196

Signed-off-by: Kevin Risden <krisden@apache.org>
2020-01-23 09:20:12 -05:00
Jason Gerlowski 424ace6f5d
SOLR-14186: Enforce CRLF in Windows files with .gitattributes (#1163) 2020-01-16 08:30:39 -05:00
Dawid Weiss 3008dd9526 Merge remote-tracking branch 'origin/master' into gradle-master 2020-01-13 17:55:53 +01:00
Jason Gerlowski 5377742a62
SOLR-13985: Bind to localhost interface by default (#1154)
Prior to this commit, Solr's Jetty listened for connections on all
network interfaces. This commit changes it to only listen on localhost,
to prevent incautious administrators from accidentally exposing their
Solr deployment to the world.

Administrators who wish to override this behavior can set the
SOLR_JETTY_HOST property in their Solr include file
(solr.in.sh/solr.in.cmd) to "0.0.0.0" or some other value.

A version of this commit was previously reverted due to inconsistency
between SOLR_HOST and SOLR_JETTY_HOST.  This commit fixes this issue.
2020-01-13 09:42:30 -05:00
Dawid Weiss d7726495c5 Merge remote-tracking branch 'origin/master' into gradle-master 2020-01-09 19:22:09 +01:00
Kevin Risden 22155bf7a7
SOLR-14163: SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION needs to work with Jetty server/client SSL contexts
Closes #1147

Signed-off-by: Kevin Risden <krisden@apache.org>
2020-01-09 10:28:35 -05:00
Dawid Weiss 7e4c841aa7 Merge remote-tracking branch 'origin/master' into gradle-master 2020-01-08 12:26:10 +01:00
Jason Gerlowski a17c486424 Revert "SOLR-13985: Bind to localhost interface by default"
This temporarily reverts commit 479e73 while a potentially related
networking hiccup is investigated.
2020-01-07 09:05:13 -05:00
Dawid Weiss 405d227c55 Merge remote-tracking branch 'origin/master' into gradle-master 2020-01-07 08:45:12 +01:00
Jason Gerlowski 479e736469 SOLR-13985: Bind to localhost interface by default
Prior to this commit, Solr's Jetty listened for connections on all
network interfaces.  This commit changes it to only listen on localhost,
to prevent incautious administrators from accidentally exposing their
Solr deployment to the world.

Administrators who wish to override this behavior can set the
SOLR_JETTY_HOST property in their Solr include file
(solr.in.sh/solr.in.cmd) to "0.0.0.0" or some other value.
2020-01-03 15:17:24 -05:00
Dawid Weiss 2bab5ea442 Merge remote-tracking branch 'origin/master' into gradle-master 2020-01-03 11:02:55 +01:00
Andrzej Bialecki 7d0cf0df32 SOLR-13817: Clean up config files to remove the default 'class=' attribute in
standard caches.
2020-01-02 20:58:47 +01:00
Dawid Weiss a40b3e755b Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-31 10:08:07 +01:00
Jan Høydahl 33bd811fb8
SOLR-14109: Always log to stdout from server/scripts/cloud-scripts/zkcli.{bat|sh} (#1130) 2019-12-30 16:28:24 +01:00
Dawid Weiss d79b678b39 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-30 09:24:46 +01:00
Robert Muir 1cb6e35058 SOLR-14141: eliminate JKS keystore from solr ssl docs.
Currently the documentation pretends to create a JKS keystore. It is
only actually a JKS keystore on java 8: on java9+ it is a PKCS12
keystore with a .jks extension (because PKCS12 is the new java default).
It works even though solr explicitly tells the JDK
(SOLR_SSL_KEY_STORE_TYPE=JKS) that its JKS when it is in fact not, due
to how keystore backwards compatibility was implemented.

Fix docs to explicitly create a PKCS12 keystore with .p12 extension and
so on instead of a PKCS12 keystore masquerading as a JKS one. This
simplifies the SSL steps since the "conversion" step (which was doing
nothing) from .JKS -> .P12 can be removed.
2019-12-29 09:34:00 -05:00
Dawid Weiss 7350f03cd1 Reordered some lines and comments to make it easier to manually diff/ merge with gradle branch. 2019-12-25 13:29:11 +01:00
Dawid Weiss 584f564c91 Reordered some lines and comments to make it easier to manually diff/ merge with gradle branch. 2019-12-25 13:26:16 +01:00
Dawid Weiss 23f3fd2d48 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-25 13:14:57 +01:00
Robert Muir 126d6b7767
SOLR-13984: add (experimental, disabled by default) security manager support (#1082)
* SOLR-13984: add (experimental, disabled by default) security manager support.

User can set SOLR_SECURITY_MANAGER_ENABLED=true to enable security manager at runtime.

The current policy file used by tests is moved to solr/server
Additional permissions are granted for the filesystem locations set by bin/solr, and networking everywhere is enabled.

This takes advantage of the fact that permission entries are ignored if properties are not defined:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#PropertyExp
2019-12-24 06:30:31 -08:00
Robert Muir 72c99e921c
SOLR-14136: ip whitelist/blacklist via env vars (#1111)
SOLR-14136: ip whitelist/blacklist via env vars

This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.

Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr.
2019-12-23 19:26:11 -05:00
Robert Muir 1425d6cbf8
SOLR-14138: enable request log via environ var, remove deprecated jetty class usage, respect SOLR_LOGS_DIR (#1110)
User can now set SOLR_REQUESTLOG_ENABLED=true to enable the jetty request log, instead of editing XML. The location of the request logs will respect SOLR_LOGS_DIR if that is set. The deprecated NCSARequestLog is no longer used, instead it uses CustomRequestLog with NCSA_FORMAT.
2019-12-23 10:37:31 -05:00
Dawid Weiss 5897b78572 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-20 17:35:40 +01:00
Kevin Risden aab3c5faa3
SOLR-14106: Cleanup Jetty SslContextFactory usage
Jetty 9.4.16.v20190411 and up introduced separate
client and server SslContextFactory implementations.
This split requires the proper use of of
SslContextFactory in clients and server configs.

This fixes the following
* SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
* Http2SolrClient SSL not working in branch_8x

Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-19 23:05:47 -05:00
Matthias Krueger 1e5100d5a5
SOLR-14091: Removing deprecated configuration of Jetty's soLingerTime option
Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-18 17:24:43 -05:00
Dawid Weiss 3aff1664e5 updateChecksums, validation of dangling unreferenced files under licenses/. Separated licenses-gradle for Solr for now (doesn't include transitive Lucene dependencies). 2019-12-13 15:07:59 +01:00
Dawid Weiss 6094d4dd13 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-12 14:16:48 +01:00
Ishan Chattopadhyaya 7097e9c41a SOLR-13978: Removed LTR from default configset 2019-12-12 15:09:21 +05:30
Ishan Chattopadhyaya dce36c10e9 SOLR-13978: Remove non-essential components from default configset
The default configset no longer has the following:
   - Library inclusions (<lib ../>) for extraction, solr-cell libs, clustering, velocity and language identifier
   - /browse, /tvrh and /update/extract handlers
   - TermVector component (if someone wants it, can be added using config APIs)
   - XSLT response writer
   - Velocity response writer
If you want to use them in your collections, please add them to your configset manually or through the Config APIs.
2019-12-12 10:43:31 +05:30
Dawid Weiss 20eaaa012d Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-10 14:52:30 +01:00
Kevin Risden 12825f3642
SOLR-14039: SOLR-13987 broke multiple node /select handler due to jetty.xml whitespace
Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-09 19:29:37 -05:00
Dawid Weiss a6d7017f2e Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-09 10:55:54 +01:00
Kevin Risden f9e15839bf
SOLR-13987: Admin UI should not rely on javascript eval()
* Removes `'unsafe-eval'` from CSP `script-src`
* Enables Angular CSP mode
* Removes `eval()` JSON parsing in `cloud.js`
* Removes `jstree` themes error

Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-07 16:40:04 -05:00
Dawid Weiss f371df327f Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-06 11:57:29 +01:00
Jan Høydahl 7417fa1cf3
SOLR-13954: Embedded ZooKeeper in Solr now does not try to load JettyAdminServer (#1059) 2019-12-06 11:03:23 +01:00
Dawid Weiss 7c26c6de02 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-03 18:45:12 +01:00
Robert Muir c8c9c10023 SOLR-13982: set security-related http response headers by default
Unfortunately, as a first start this is very weak protection against
e.g. XSS.  This is because some 'unsafe-xxx' rules must be present due
to the insecurity of angular JS: Until SOLR-13987 is fixed, XSS & co are
still easy.
2019-12-03 06:12:33 -05:00
Dawid Weiss d4a9842375 Initial gradle build layer. 2019-12-02 15:34:57 +01:00
David Smiley 6a72b81ed3 SOLR-13971: Revert changes to the default configset.
* clarified these are Java system properties
* trivial dead code change; Boolean.getBoolean returns a primitive
2019-11-28 10:45:58 -05:00
Ishan Chattopadhyaya 50e8cea918 SOLR-13971: Removing velocity from _default and disabling custom template support by default 2019-11-28 07:52:43 +05:30
Dawid Weiss 063c82ebd6 SOLR-13952: reverting Erick's commit (with permission). 2019-11-25 17:56:20 +01:00
Erick Erickson 4b34d726ab SOLR-13952: Separate out Gradle-specific code from other (mostly test) changes and commit separately 2019-11-24 13:24:40 -05:00
Andrzej Bialecki b4fe911cc8 SOLR-13817: Remove legacy SolrCache implementations. 2019-11-14 21:21:44 +01:00
Cao Manh Dat 7350c50316 SOLR-13798: SSL: Adding Enabling/Disabling client's hostname verification config 2019-09-30 16:29:43 +01:00
Tomoko Uchida 77c1ed7d16 SOLR-13690: Migrate field type configurations in default/example schema files to look up factories by 'name' 2019-08-31 23:06:32 +09:00
Munendra S N cb94eeb491 SOLR-11266: remove content-type override from _default configSet 2019-07-30 10:06:56 +05:30
Tomoko Uchida 45ea46a425 SOLR-13602: Add a field type for Estonian language to default managed_schema 2019-07-03 20:57:38 +09:00
Munendra S N 0e877aac34 SOLR-12554: Expose IndexWriterConfig's ramPerThreadHardLimitMB
* When ramPerThreadHardLimitMB is not specified, then Lucene's
  default value 1945 is used. The specified value should be
  greater than 0 and less than 2048MB
2019-07-01 22:42:19 +05:30
Andrzej Bialecki bd8905150d SOLR-12461: Upgrade Dropwizard Metrics to 4.0.5 release. 2019-04-18 19:08:20 +02:00