Versions Compared

Comment: Moved Jetty Request Log to "Others"

...

  • Certificate Authentication Plugin: Supports loading the certificate subject via a user principal into the AuthorizationContext and enables end-to-end use of client certificates for Authentication and Authorization
  • Improved security when using PKI Authentication plugin
  • Upgrade to ZooKeeper 3.7 allows for TLS communication between Solr and ZooKeeper
  • Jetty Request log is now enabled by default
  • All request handlers support security permissions for access
  • Ability to disable admin UI through a system property
  • The property blockUnknown in the BasicAuthPlugin and the JWTAuthPlugin now defaults to true. This change is backward incompatible. If you need the pre-9.0 default behavior, you need to explicitly set blockUnknown:false in security.json.
  • The allow-list defining allowed URLs for the shards parameter is no longer part of the shardHandler configuration. It is now defined by the allowUrls top-level property of the solr.xml file. For more information, see the "Format of solr.allowUrls" documentation.
  • Solr now runs with the Java Security Manager enabled by default. Administrators who need to run Solr with Hadoop will need to disable this feature by setting SOLR_SECURITY_MANAGER_ENABLED=false in the environment or in one of the Solr init scripts.
  • Solr's embedded ZooKeeper only binds to localhost by default. This embedded ZooKeeper should not be used in production. If you rely upon the previous behavior, you can change the clientPortAddress in solr/server/solr/zoo.cfg.
  • Dependency updates - A lot of dependency updates make Solr overall much more secure.
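
The blockUnknown item above changes behavior only for deployments that never set the property. The following is an added example, not part of the release notes or of Solr itself: a pre-upgrade check that classifies a security.json by how the new default affects it. The function name, the status strings and the sample files are assumptions made for illustration.

```python
import json

# Plugins named in the note above; matched by short class name so that both
# "solr.BasicAuthPlugin" and a fully qualified class name are recognised.
AFFECTED = {"BasicAuthPlugin", "JWTAuthPlugin"}

def audit_block_unknown(security_json_text):
    """Classify how the 9.0 blockUnknown default change affects a security.json."""
    auth = json.loads(security_json_text).get("authentication")
    if not isinstance(auth, dict):
        return "no-authentication"
    plugin = str(auth.get("class", "")).rsplit(".", 1)[-1]
    if plugin not in AFFECTED:
        return "plugin-not-affected"
    if "blockUnknown" not in auth:
        # Unset: pre-9.0 behaved as false, 9.0 behaves as true.
        return "default-changes-to-true"
    # Accept JSON booleans and the strings "true"/"false" (assumption about
    # how the value may have been written by hand).
    blocked = str(auth["blockUnknown"]).strip().lower() == "true"
    return "explicit-true" if blocked else "explicit-false"

# Constructed sample files; the credentials value is a placeholder.
SAMPLE_UNSET = """{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "credentials": {"solr": "<constructed-placeholder>"}
  }
}"""
SAMPLE_PINNED_FALSE = """{
  "authentication": {"class": "solr.JWTAuthPlugin", "blockUnknown": false}
}"""
SAMPLE_OTHER = '{"authentication": {"class": "solr.KerberosPlugin"}}'

if __name__ == "__main__":
    samples = [("unset", SAMPLE_UNSET), ("pinned false", SAMPLE_PINNED_FALSE),
               ("other plugin", SAMPLE_OTHER)]
    for name, text in samples:
        print(f"{name}: {audit_block_unknown(text)}")
```

A result of default-changes-to-true marks a file whose unauthenticated clients will start being rejected after the upgrade unless blockUnknown:false is set explicitly.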

...

  • Admin UI support for SQL Querying
  • Contrib modules are now just "modules". You can easily enable module(s) through the environment variable SOLR_MODULES
  • Features lifted out as separate modules are: HDFS, Hadoop-Auth, Scripting and JWT-Auth
  • The "dist" folder in the release is gone. Module jars are now inside respective module's lib/ folder
  • Metrics handler only depends on SolrJ instead of core and has its own log4j2.xml now so it doesn’t share Solr’s logging config
  • SolrJ class CloudSolrClient now supports HTTP2. It has a new Builder. See CloudLegacySolrClient (deprecated) for the 8.x version of this class
  • Jetty Request log is now enabled by default, i.e. logging every request

Deprecations and Removals

...