Dovecot - Upgrade Solr 7.7.2 to 8.4.1

[Domenico Pastore]

Hi,
thanks for your answer.

I confirm, mitigate this issue is very very easy.
There are other issues with high severity for example CVE-2019-17558.

Description: Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter

I think for this issue there is only a solution, upgrade Solr to 8.4. It's Correct?

So, with Dovecot is it possible to use Apache Solr 8.4?
High RAM usage is the only problem?

Thanks,

Br,
Domenico


Domenico Pastore
Senior Cloud Engineer
T 06.98269600 | M 347.1474270 | F 06.98269680
Par-Tec<http://www.par-tec.it> | beyond the IT domain
Via Cristoforo Colombo 163, 00147 Roma
CONFIDENZIALE: Questo messaggio ed i suoi allegati sono di carattere confidenziale. È vietato l'inoltro non autorizzato a destinatari diversi da quelli indicati nel messaggio originale. Se ricevuto per errore si prega di informare il mittente e cancellarlo immediatamente.





Il giorno 22 gen 2020, alle ore 15:26, deano-dovecot at areyes.com<mailto:deano-dovecot at areyes.com> ha scritto:

On 2020-01-22 8:42 am, Domenico Pastore wrote:
Hello,
I have Dovecot configured with Solr for the indexes.
I have need your support for upgrade solr 7.7.2 to 8.4.1.
Solr 7.7.2 has a security issue CVE-2019-12409.
It's possible upgrade of Solr?
Dovecot work correctly with Solr 8.x?
The Solr documentation recommended after updating:
"It is always strongly recommended that you fully reindex your
documents after a major version upgrade."
There are tips for Dovecot?

Easy mitigation - block or control all access on port 18983 via iptables ?  Might be a bit of a blanket statement though ...

Be aware than later version of Solr use a *lot* more ram.  I tested last year with 8.3.0 and even with tuning was seeing a much higher higher RES memory usage.

DC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20200122/7e8ef971/attachment.html>