Commit Graph

289 Commits

Author SHA1 Message Date
Robert Muir 1cb6e35058 SOLR-14141: eliminate JKS keystore from solr ssl docs.
Currently the documentation pretends to create a JKS keystore. It is
only actually a JKS keystore on java 8: on java9+ it is a PKCS12
keystore with a .jks extension (because PKCS12 is the new java default).
It works even though solr explicitly tells the JDK
(SOLR_SSL_KEY_STORE_TYPE=JKS) that its JKS when it is in fact not, due
to how keystore backwards compatibility was implemented.

Fix docs to explicitly create a PKCS12 keystore with .p12 extension and
so on instead of a PKCS12 keystore masquerading as a JKS one. This
simplifies the SSL steps since the "conversion" step (which was doing
nothing) from .JKS -> .P12 can be removed.
2019-12-29 09:34:00 -05:00
Dawid Weiss 7350f03cd1 Reordered some lines and comments to make it easier to manually diff/ merge with gradle branch. 2019-12-25 13:29:11 +01:00
Dawid Weiss 584f564c91 Reordered some lines and comments to make it easier to manually diff/ merge with gradle branch. 2019-12-25 13:26:16 +01:00
Dawid Weiss 23f3fd2d48 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-25 13:14:57 +01:00
Robert Muir 126d6b7767
SOLR-13984: add (experimental, disabled by default) security manager support (#1082)
* SOLR-13984: add (experimental, disabled by default) security manager support.

User can set SOLR_SECURITY_MANAGER_ENABLED=true to enable security manager at runtime.

The current policy file used by tests is moved to solr/server
Additional permissions are granted for the filesystem locations set by bin/solr, and networking everywhere is enabled.

This takes advantage of the fact that permission entries are ignored if properties are not defined:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#PropertyExp
2019-12-24 06:30:31 -08:00
Robert Muir 72c99e921c
SOLR-14136: ip whitelist/blacklist via env vars (#1111)
SOLR-14136: ip whitelist/blacklist via env vars

This makes it easy to restrict access to Solr by IP. For example SOLR_IP_WHITELIST="127.0.0.1, 192.168.0.0/24, [::1], [2000:123:4:5::]/64" would restrict access to v4/v6 localhost, the 192.168.0 ipv4 network, and 2000:123:4:5 ipv6 network. Any other IP will receive a 403 response.

Blacklisting functionality can deny access to problematic addresses or networks that would otherwise be allowed. For example SOLR_IP_BLACKLIST="192.168.0.3, 192.168.0.4" would explicitly prevent those two specific addresses from accessing solr.
2019-12-23 19:26:11 -05:00
Robert Muir 1425d6cbf8
SOLR-14138: enable request log via environ var, remove deprecated jetty class usage, respect SOLR_LOGS_DIR (#1110)
User can now set SOLR_REQUESTLOG_ENABLED=true to enable the jetty request log, instead of editing XML. The location of the request logs will respect SOLR_LOGS_DIR if that is set. The deprecated NCSARequestLog is no longer used, instead it uses CustomRequestLog with NCSA_FORMAT.
2019-12-23 10:37:31 -05:00
Dawid Weiss 5897b78572 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-20 17:35:40 +01:00
Kevin Risden aab3c5faa3
SOLR-14106: Cleanup Jetty SslContextFactory usage
Jetty 9.4.16.v20190411 and up introduced separate
client and server SslContextFactory implementations.
This split requires the proper use of of
SslContextFactory in clients and server configs.

This fixes the following
* SSL with SOLR_SSL_NEED_CLIENT_AUTH not working since v8.2.0
* Http2SolrClient SSL not working in branch_8x

Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-19 23:05:47 -05:00
Matthias Krueger 1e5100d5a5
SOLR-14091: Removing deprecated configuration of Jetty's soLingerTime option
Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-18 17:24:43 -05:00
Dawid Weiss 3aff1664e5 updateChecksums, validation of dangling unreferenced files under licenses/. Separated licenses-gradle for Solr for now (doesn't include transitive Lucene dependencies). 2019-12-13 15:07:59 +01:00
Dawid Weiss 6094d4dd13 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-12 14:16:48 +01:00
Ishan Chattopadhyaya 7097e9c41a SOLR-13978: Removed LTR from default configset 2019-12-12 15:09:21 +05:30
Ishan Chattopadhyaya dce36c10e9 SOLR-13978: Remove non-essential components from default configset
The default configset no longer has the following:
   - Library inclusions (<lib ../>) for extraction, solr-cell libs, clustering, velocity and language identifier
   - /browse, /tvrh and /update/extract handlers
   - TermVector component (if someone wants it, can be added using config APIs)
   - XSLT response writer
   - Velocity response writer
If you want to use them in your collections, please add them to your configset manually or through the Config APIs.
2019-12-12 10:43:31 +05:30
Dawid Weiss 20eaaa012d Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-10 14:52:30 +01:00
Kevin Risden 12825f3642
SOLR-14039: SOLR-13987 broke multiple node /select handler due to jetty.xml whitespace
Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-09 19:29:37 -05:00
Dawid Weiss a6d7017f2e Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-09 10:55:54 +01:00
Kevin Risden f9e15839bf
SOLR-13987: Admin UI should not rely on javascript eval()
* Removes `'unsafe-eval'` from CSP `script-src`
* Enables Angular CSP mode
* Removes `eval()` JSON parsing in `cloud.js`
* Removes `jstree` themes error

Signed-off-by: Kevin Risden <krisden@apache.org>
2019-12-07 16:40:04 -05:00
Dawid Weiss f371df327f Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-06 11:57:29 +01:00
Jan Høydahl 7417fa1cf3
SOLR-13954: Embedded ZooKeeper in Solr now does not try to load JettyAdminServer (#1059) 2019-12-06 11:03:23 +01:00
Dawid Weiss 7c26c6de02 Merge remote-tracking branch 'origin/master' into gradle-master 2019-12-03 18:45:12 +01:00
Robert Muir c8c9c10023 SOLR-13982: set security-related http response headers by default
Unfortunately, as a first start this is very weak protection against
e.g. XSS.  This is because some 'unsafe-xxx' rules must be present due
to the insecurity of angular JS: Until SOLR-13987 is fixed, XSS & co are
still easy.
2019-12-03 06:12:33 -05:00
Dawid Weiss d4a9842375 Initial gradle build layer. 2019-12-02 15:34:57 +01:00
David Smiley 6a72b81ed3 SOLR-13971: Revert changes to the default configset.
* clarified these are Java system properties
* trivial dead code change; Boolean.getBoolean returns a primitive
2019-11-28 10:45:58 -05:00
Ishan Chattopadhyaya 50e8cea918 SOLR-13971: Removing velocity from _default and disabling custom template support by default 2019-11-28 07:52:43 +05:30
Dawid Weiss 063c82ebd6 SOLR-13952: reverting Erick's commit (with permission). 2019-11-25 17:56:20 +01:00
Erick Erickson 4b34d726ab SOLR-13952: Separate out Gradle-specific code from other (mostly test) changes and commit separately 2019-11-24 13:24:40 -05:00
Andrzej Bialecki b4fe911cc8 SOLR-13817: Remove legacy SolrCache implementations. 2019-11-14 21:21:44 +01:00
Cao Manh Dat 7350c50316 SOLR-13798: SSL: Adding Enabling/Disabling client's hostname verification config 2019-09-30 16:29:43 +01:00
Tomoko Uchida 77c1ed7d16 SOLR-13690: Migrate field type configurations in default/example schema files to look up factories by 'name' 2019-08-31 23:06:32 +09:00
Munendra S N cb94eeb491 SOLR-11266: remove content-type override from _default configSet 2019-07-30 10:06:56 +05:30
Tomoko Uchida 45ea46a425 SOLR-13602: Add a field type for Estonian language to default managed_schema 2019-07-03 20:57:38 +09:00
Munendra S N 0e877aac34 SOLR-12554: Expose IndexWriterConfig's ramPerThreadHardLimitMB
* When ramPerThreadHardLimitMB is not specified, then Lucene's
  default value 1945 is used. The specified value should be
  greater than 0 and less than 2048MB
2019-07-01 22:42:19 +05:30
Andrzej Bialecki bd8905150d SOLR-12461: Upgrade Dropwizard Metrics to 4.0.5 release. 2019-04-18 19:08:20 +02:00
Uwe Schindler df27ccf01d SOLR-13409: Disable HTML directory listings in admin interface to prevent possible security issues 2019-04-17 11:04:13 +02:00
Chris Hostetter d90034f0d6 SOLR-13336: add maxBooleanClauses (default to 1024) setting to solr.xml, reverting previous effective value of Integer.MAX_VALUE-1, to restrict risk of pathalogical query expansion. 2019-04-15 10:27:08 -07:00
Kevin Risden 4e230388ba
SOLR-13335: Upgrade to velocity 2.0 and velocity-tools 3.0
Signed-off-by: Kevin Risden <krisden@apache.org>
2019-03-25 09:58:44 -04:00
erick fe5a96a284 SOLR-13268: Clean up any test failures resulting from SOLR-12055 (async logging). Kevin's upgrades 2019-02-24 09:50:04 -08:00
Erick 0de3905ce7 SOLR-12055: Enable async logging by default SOLR-12753: Async logging ring buffer and OOM error 2019-02-22 12:27:02 -08:00
David Smiley 381a30b26c SOLR-12768: added _nest_path_ to the default schema (thereby enabling nested docs)
* new NestPathField encapsulating details for how _nest_path_ is indexed
** tweaked the analysis to index 1 token instead of variable
* TokenizerChain has new CustomAnalyzer copy-constructor
2019-01-28 13:25:06 -05:00
Tomas Fernandez Lobbe 8b54b20fc4 SOLR-12770: Make it possible to configure a host whitelist for distributed search 2019-01-15 11:44:57 -08:00
Alan Woodward 04f48dba8b Move to version 9.0.0 2019-01-07 13:04:01 +00:00
Jason Gerlowski c34f29a4b4 SOLR-13090: Add sysprop override for maxBooleanClauses 2019-01-02 10:58:32 -05:00
Cao Manh Dat f80e8e1167 Merge jira/http2 branch to master 2018-12-16 16:58:20 +00:00
Jan Høydahl a3fc31e5d2 Remove unnecessary XML exclusions as Jetty handles these by default (janhoy) 2018-10-18 16:38:52 +02:00
David Smiley 964cc88cee SOLR-12593: remove date parsing from extract contrib
* added "ignored_*" to the default configSet
* Updated Ref Guide info on Solr Cell to demonstrate usage without using the techproducts configSet

Closes #438
2018-09-28 16:50:11 -04:00
Erick Erickson 3b62f23f72 SOLR-12055: Enable async logging by default - rollback 2018-09-07 22:51:50 -07:00
Erick Erickson 8e75f393b3 SOLR-12055: Enable async logging by default 2018-08-31 20:39:05 -07:00
David Smiley 18874a6e36 SOLR-12591: Expand default configSet's date patterns to subsume those of extract contrib 2018-08-29 14:17:44 -04:00
Uwe Schindler 928b92caa0 SOLR-12655: Add Korean morphological analyzer ("nori") to default distribution. This also adds examples for configuration in Solr's schema 2018-08-11 14:07:31 +02:00
David Smiley c3887b351e SOLR-12586: Change ParseDateFieldUpdateProcessorFactory to use java.time.DateTimeFormatter, not Joda Time.
Note: slightly different pattern language!
Remove Joda Time.
Closes #428
2018-08-07 11:51:16 -04:00
Erick Erickson 93ae3669b5 SOLR-12008: Settle a location for the log4j2.xml file 2018-07-11 20:57:38 -07:00
Alexandre Rafalovitch b7d14c50fb SOLR-11694: Remove outdated UIMA module 2018-07-07 09:58:57 -04:00
Ishan Chattopadhyaya 4138ad662e SOLR-12428: Solr LTR jar now included in _default configset's solrconfig.xml 2018-06-18 15:02:20 +05:30
Jan Høydahl 30bf6b657f SOLR-12350: Do not use docValues as stored for _str (copy)fields in _default configset 2018-06-08 15:12:48 +02:00
Varun Thacker 44015e2acd SOLR-11453: Configuring slowQueryThresholdMillis logs slow requests to a separate file - solr_slow_requests.log 2018-05-28 12:43:05 -07:00
Varun Thacker 8a697ee09c SOLR-12265: Fix jetty-start shade issue 2018-05-10 10:10:44 -07:00
Mark Miller 5e2a5a5b8c SOLR-10783: Add support for Hadoop Credential Provider as SSL/TLS store password source. 2018-04-09 21:57:56 -05:00
Joel Bernstein d420139c27 SOLR-12175: Add random field type and dynamic field to the default managed-schema 2018-04-05 14:00:07 -04:00
Varun Thacker 41a1cbe2c3 SOLR-7887: Fix logging filePattern to use solr.log.X format 2018-04-02 10:15:12 -07:00
Varun Thacker bea6e2307b SOLR-7887: Log4J2 upgrade fixes 2018-03-26 11:32:03 -07:00
Erick Erickson 624d128b5e SOLR-7887: Upgrade Solr to use log4j2 -- log4j 1 now officially end of life 2018-03-25 19:16:09 -07:00
Shalin Shekhar Mangar fc8c239f93 SOLR-11957: Increase MaxFileSize=32MB and MaxBackupIndex=10 for RollingFileAppender in log4j.properties 2018-03-05 15:45:25 +05:30
Varun Thacker a9f0272380 SOLR-12006: Add a '*_t' and '*_t_sort' dynamic field for single valued text fields 2018-02-20 17:31:00 -08:00
Chris Hostetter 034677d5ca SOLR-11978: use new SortableTextField in _default and sample_techproducts_configs configsets 2018-02-12 15:14:44 -07:00
Christine Poerschke abf3d11332 SOLR-11480: Remove unused "Admin Extra" files and mentions. (Eric Pugh, Christine Poerschke) 2018-01-30 12:39:44 +00:00
Erick Erickson 2900bb597d SOLR-11810: Upgrade Jetty to 9.4.8 2018-01-17 11:33:22 -08:00
Chris Hostetter 6dcbb2d412 SOLR-3218: Added range faceting support for CurrencyFieldType 2018-01-14 16:30:24 -07:00
Cassandra Targett eec25eacce SOLR-4323: fix unterminated lst element in techproducts example solrconfig 2017-11-10 16:35:38 -06:00
Cassandra Targett 01e7756e08 SOLR-8852: change wiki link in solr/server/solr/README.txt to point to the Ref Guide 2017-10-19 16:40:19 -05:00
Uwe Schindler 7b313bb597 SOLR-11482: RunExecutableListener was removed for security reasons 2017-10-13 13:48:18 +02:00
Varun Thacker e30171397e SOLR-11306: Fix inaccurate comments on docValues and StrField in the example schemas 2017-10-06 15:48:58 -07:00
Jan Høydahl bc95209774 SOLR-10451: Remove contrib/ltr/lib from lib includes in the techproducts example config. Fixes #249 2017-09-19 10:45:23 +02:00
Ishan Chattopadhyaya c8e0e939e4 SOLR-11183: V2 APIs are now available at /api endpoint 2017-08-20 21:00:15 +05:30
Steve Rowe 67b3d4e108 SOLR-10760: Remove trie field types and fields from example schemas 2017-07-26 12:34:51 -04:00
Chris Hostetter 6a59253ec3 SOLR-10494: Make default response format JSON (wt=json), and also indent text responses formats (indent=on) by default 2017-07-24 08:42:02 -07:00
Cassandra Targett cbe7084a8e SOLR-11135: Update Ref Guide links in READMEs, config files and UI 2017-07-21 21:06:43 -05:00
Varun Thacker df3a9b3531 SOLR-11021: The elevate.xml config-file is now optional in the ElevationComponent. The default configset doesn't ship with an elevate.xml file anymore 2017-07-07 12:42:49 -07:00
Jan Høydahl a60ec1b432 SOLR-9526: Data driven schema now indexes text field "foo" as both "foo" (text_general) and as "foo_str" (string) to facilitate both search and faceting 2017-07-06 15:56:51 +02:00
Varun Thacker d13e70f683 SOLR-10967: Cleanup the schema for the default configset 2017-07-05 14:49:54 -07:00
Anshum Gupta 3b6d741016 Solr 7.0 release, bumping up version to 8 on master 2017-06-30 10:40:27 -07:00
David Smiley 82a44beb3c SOLR-6807: requestDispatcher/@handleSelect now defaults to false; stop using it.
Deprecated StandardRequestHandler; stop using it.
2017-06-28 17:22:44 -04:00
Ishan Chattopadhyaya e4a7fc59ad SOLR-10574: Adding _default configset, replacing data_driven_schema_configs and basic_configs 2017-06-26 04:58:02 +05:30
Steve Rowe a6f4f2dd9c SOLR-10503,SOLR-10502: Deprecate CurrencyField in favor of new CurrencyFieldType, which works with point fields and provides control over dynamic fields used for the raw amount and currency code sub-fields. 2017-06-23 10:14:28 -04:00
yonik 98276481e4 SOLR-10921: raise lucene BooleanQuery.maxClauseCount, add higher level checking via QueryUtils.build 2017-06-22 16:05:19 -04:00
Ishan Chattopadhyaya 1a58412e4a SOLR-10574: Reverting previous commits to tackle test failues 2017-06-20 23:14:24 +00:00
Ishan Chattopadhyaya d1c807dd70 SOLR-10574: Adding unified _default config set 2017-06-20 11:05:07 +00:00
Ishan Chattopadhyaya 7c2429bebf SOLR-10574: Adding data driven support to basic_confs and adding payload fields 2017-06-20 11:03:48 +00:00
Jan Høydahl 4746ff0ec8 SOLR-9623: Disable remote streaming in example configs by default. Adjust Upload Limit defaults 2017-06-20 11:00:08 +02:00
Steve Rowe 566fcfce13 SOLR-10761: Switch trie numeric/date fields to points in data-driven-enabled example and test schemas 2017-06-09 19:43:01 -04:00
Varun Thacker 2c9f8604c2 SOLR-8437: Improve RAMDirectory details in sample solrconfig files 2017-06-02 21:56:49 -07:00
Chris Hostetter fb3d3f1c92 SOLR-10791: Remove deprecated options in SSLTestConfig 2017-06-01 10:50:58 -07:00
Mark Miller 872b0dba2d SOLR-10360: Solr HDFS snapshot export fails due to FileNotFoundException error when using MR1 instead of yarn.
This closes #173
2017-05-31 14:24:18 -04:00
Steve Rowe 78e7e1c307 SOLR-10379: Add ManagedSynonymGraphFilterFactory, deprecate ManagedSynonymFilterFactory 2017-05-25 17:49:20 -04:00
Jan Høydahl 21384b5b21 SOLR-10042: Delete old deprecated Admin UI 2017-05-18 14:12:59 +02:00
Mark Miller 0fb89f17e1 SOLR-10307: Allow Passing SSL passwords through environment variables. 2017-05-16 14:19:16 -03:00
Erik Hatcher 6c565c001b SOLR-1485: Add payload support 2017-05-01 21:35:29 -04:00
Jan Høydahl 61f64829d8 SOLR-7041: Remove a lot of defaultOperator and defaultSearchField from test configs (still more work to do) 2017-04-29 20:39:50 +02:00
Steve Rowe 57f17b1118 SOLR-9386: Upgrade Zookeeper to 3.4.10 2017-04-28 11:24:53 -04:00
Steve Rowe 1a80e4d694 SOLR-10343: Update Solr default/example and test configs to use SynonymGraphFilterFactory 2017-03-28 11:47:02 -04:00