lucene-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Miller <>
Subject [ANNOUNCE] Apache Solr 4.10.3 released
Date Mon, 29 Dec 2014 19:10:25 GMT
December 2014, Apache Solr™ 4.10.3 available

The Lucene PMC is pleased to announce the release of Apache Solr 4.10.3

Solr is the popular, blazing fast, open source NoSQL search platform
from the Apache Lucene project. Its major features include powerful
full-text search, hit highlighting, faceted search, dynamic
clustering, database integration, rich document (e.g., Word, PDF)
handling, and geospatial search. Solr is highly scalable, providing
fault tolerant distributed search and indexing, and powers the search
and navigation features of many of the world's largest internet sites.

Solr 4.10.3 is available for immediate download at:

Solr 4.10.3 includes 21 bug fixes, as well as Lucene 4.10.3 and its 12
bug fixes.

This release fixes the following security vulnerability that has
affected Solr since the Solr 4.0 Alpha release.

CVE-2014-3628: Stored XSS vulnerability in Solr Admin UI.

Information disclosure: The Solr Admin UI Plugin / Stats page does not
escape data values which allows an attacker to execute javascript by
executing a query that will be stored and displayed via the
'fieldvaluecache' object.

See the CHANGES.txt file included with the release for a full list of
changes and further details.

Please report any feedback to the mailing lists

Note: The Apache Software Foundation uses an extensive mirroring
network for distributing releases. It is possible that the mirror you
are using may not have replicated the release yet. If that is the
case, please try another mirror. This also goes for Maven access.

Happy Holidays,

Mark Miller

View raw message