...

  • Certificate Authentication Plugin: Supports loading the certificate subject via a user principal into the AuthorizationContext and enables end-to-end use of client certificates for Authentication and Authorization
  • Improved security when using the PKI Authentication plugin
  • Upgrade to ZK 3.7 allows for TLS communication between Solr and ZooKeeper
  • Jetty Request log is now enabled by default
  • All request handlers support security permissions for access
  • Ability to disable admin UI through a system property
  • The property blockUnknown in the BasicAuthPlugin and the JWTAuthPlugin now defaults to true. This change is backward incompatible. If you need the pre-9.0 default behavior, you need to explicitly set blockUnknown:false in security.json.
  • The allow-list defining allowed URLs for the shards parameter is no longer part of the shardHandler configuration. It is defined by the allowUrls top-level property of the solr.xml file. For more information, see the Format of solr.allowUrls documentation.
  • Solr now runs with the Java Security Manager enabled by default. Administrators who need to run Solr with Hadoop will need to disable this feature by setting SOLR_SECURITY_MANAGER_ENABLED=false in the environment or in one of the Solr init scripts.
  • Solr's embedded ZooKeeper only binds to localhost by default. This embedded ZooKeeper should not be used in production. If you rely upon the previous behavior, you can change the clientPortAddress in solr/server/solr/zoo.cfg.
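
The blockUnknown default change above is easiest to check before an upgrade by resolving the effective value under both defaults. The following is an added example, not code from the Solr project: the function name and the sample security.json documents are constructed, and it assumes the plugin is configured in the "authentication" block of security.json.

```python
import json

# Default applied when "blockUnknown" is absent, per the release note above.
DEFAULTS = {"pre-9.0": False, "9.0": True}
AFFECTED_PLUGINS = ("BasicAuthPlugin", "JWTAuthPlugin")

def audit_block_unknown(security_json_text):
    """Report how blockUnknown resolves before and after the 9.0 default change."""
    auth = json.loads(security_json_text).get("authentication") or {}
    plugin = str(auth.get("class", "")).rsplit(".", 1)[-1]
    if plugin not in AFFECTED_PLUGINS:
        return {"plugin": plugin or None, "affected": False}
    explicit = auth.get("blockUnknown")
    if explicit is not None and not isinstance(explicit, bool):
        raise ValueError("blockUnknown must be a JSON boolean, got %r" % (explicit,))
    effective = {ver: (dflt if explicit is None else explicit)
                 for ver, dflt in DEFAULTS.items()}
    if explicit is None:
        finding = ("blockUnknown not set: unauthenticated requests were passed on "
                   "before 9.0 and are rejected after the upgrade")
    elif explicit is False:
        finding = ("blockUnknown:false is explicit: unauthenticated requests are "
                   "still passed on after the upgrade; confirm this is intended")
    else:
        finding = "blockUnknown:true is explicit: behaviour is the same on both versions"
    return {"plugin": plugin, "affected": True, "explicit": explicit,
            "effective": effective,
            "changes_on_upgrade": effective["pre-9.0"] != effective["9.0"],
            "finding": finding}

# Constructed sample security.json documents (credential values are placeholders).
SAMPLE_IMPLICIT = '''{"authentication": {"class": "solr.BasicAuthPlugin",
  "credentials": {"solr": "<hash> <salt>"}}}'''
SAMPLE_OPEN = '''{"authentication": {"class": "solr.JWTAuthPlugin",
  "blockUnknown": false}}'''
SAMPLE_STRICT = '''{"authentication": {"class": "solr.BasicAuthPlugin",
  "blockUnknown": true, "credentials": {"solr": "<hash> <salt>"}}}'''

if __name__ == "__main__":
    for name, doc in (("implicit", SAMPLE_IMPLICIT), ("open", SAMPLE_OPEN),
                      ("strict", SAMPLE_STRICT)):
        print(name, "->", audit_block_unknown(doc)["finding"])
```

A configuration reported with changes_on_upgrade set to True is one where clients that sent no credentials will start being rejected on 9.0.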

Stability

  • Dependency updates: numerous dependency upgrades make Solr more secure overall.

Stability and Scalability

  • Rate limiting provides a way to throttle update and search requests based on usage metrics.
  • Task management interface allows declaring tasks as cancellable and trackable.

...

  • Ability to specify node roles in Solr. This release supports 'Overseer' and 'Data' roles out of the box.
  • New API for pluggable replica assignment implementations that replaces the auto-scaling framework.
  • An option to enable distributed processing of cluster state updates and Collection and Config API call processing without relying on the Overseer.

...