Dovecot - Upgrade Solr 7.7.2 to 8.4.1
Hello, I have Dovecot configured with Solr for the indexes.
I have need your support for upgrade solr 7.7.2 to 8.4.1. Solr 7.7.2 has a security issue CVE-2019-12409.
It's possible upgrade of Solr? Dovecot work correctly with Solr 8.x?
The Solr documentation recommended after updating: "It is always strongly recommended that you fully reindex your documents after a major version upgrade."
There are tips for Dovecot?
Br, Domenico
On 2020-01-22 8:42 am, Domenico Pastore wrote:
Hello, I have Dovecot configured with Solr for the indexes.
I have need your support for upgrade solr 7.7.2 to 8.4.1. Solr 7.7.2 has a security issue CVE-2019-12409.
It's possible upgrade of Solr? Dovecot work correctly with Solr 8.x?
The Solr documentation recommended after updating: "It is always strongly recommended that you fully reindex your documents after a major version upgrade."
There are tips for Dovecot?
Easy mitigation - block or control all access on port 18983 via iptables ? Might be a bit of a blanket statement though ...
Be aware than later version of Solr use a *lot* more ram. I tested last year with 8.3.0 and even with tuning was seeing a much higher higher RES memory usage.
DC
Hi, thanks for your answer.
I confirm, mitigate this issue is very very easy. There are other issues with high severity for example CVE-2019-17558.
Description: Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter
I think for this issue there is only a solution, upgrade Solr to 8.4. It's Correct?
So, with Dovecot is it possible to use Apache Solr 8.4? High RAM usage is the only problem?
Thanks,
Br, Domenico
Domenico Pastore Senior Cloud Engineer T 06.98269600 | M 347.1474270 | F 06.98269680 Par-Techttp://www.par-tec.it | beyond the IT domain Via Cristoforo Colombo 163, 00147 Roma CONFIDENZIALE: Questo messaggio ed i suoi allegati sono di carattere confidenziale. È vietato l'inoltro non autorizzato a destinatari diversi da quelli indicati nel messaggio originale. Se ricevuto per errore si prega di informare il mittente e cancellarlo immediatamente.
Il giorno 22 gen 2020, alle ore 15:26, deano-dovecot@areyes.commailto:deano-dovecot@areyes.com ha scritto:
On 2020-01-22 8:42 am, Domenico Pastore wrote: Hello, I have Dovecot configured with Solr for the indexes. I have need your support for upgrade solr 7.7.2 to 8.4.1. Solr 7.7.2 has a security issue CVE-2019-12409. It's possible upgrade of Solr? Dovecot work correctly with Solr 8.x? The Solr documentation recommended after updating: "It is always strongly recommended that you fully reindex your documents after a major version upgrade." There are tips for Dovecot?
Easy mitigation - block or control all access on port 18983 via iptables ? Might be a bit of a blanket statement though ...
Be aware than later version of Solr use a *lot* more ram. I tested last year with 8.3.0 and even with tuning was seeing a much higher higher RES memory usage.
DC
On 1/22/2020 4:03 PM, Domenico Pastore wrote:
So, with Dovecot is it possible to use Apache Solr 8.4? High RAM usage is the only problem?
I don't know whether it's possible, but I imagine there is some way to make it work. I don't see anything in the solrconfig or schema provided for fts_solr with Solr 7.7 that wouldn't work in 8.x. The solrconfig does contain config that sets the default field to _text_, which is a nonexistent field in the schema. If that were going to be a problem, it would affect all Solr versions.
As for the memory ... Solr is a Java program. Java programs have a configurable limit on the amount of heap memory they can allocate, enforced by Java itself. There is no difference between 7.x and 8.x in this. Java is only going to use more memory if you tell it that it is allowed to do so.
Thanks, Shawn
participants (4)
-
deano-dovecot@areyes.com
-
Domenico Pastore
-
Gedalya
-
Shawn Heisey