Attention Apache Solr users! If you’re running versions 6.0.0 through 8.11.2 or 9.0.0 before 9.4.1, it’s critical to upgrade immediately due to newly discovered security vulnerabilities. These vulnerabilities could allow attackers to gain unauthorized access, leak sensitive information, or even compromise your entire system.

What are the latest Apache Solr security vulnerabilities?

Three main vulnerabilities have been identified:

• CVE-2023-50291 – This vulnerability can cause Solr to improperly leak passwords.
• CVE-2023-50386 – This vulnerability allows attackers to upload malicious code, potentially taking control of your Solr instance.
• CVE-2023-50298 – This vulnerability exposes sensitive information, such as passwords and authentication credentials, to unauthorized actors.

Who is affected?

Any Solr instance running versions 6.0.0 through 8.11.2 and 9.0.0 before 9.4.1 is vulnerable. To find your version, check your Solr documentation or configuration files.

What should you do?

There’s no time to waste! Update your Solr instance to the latest version immediately. Here are your options:

• Upgrade to Solr 9.5.0: This is the latest stable release and includes both security fixes and performance improvements.
• Upgrade to Solr 8.11.3: If you’re unable to upgrade to 9.5.0 yet, consider upgrading to 8.11.3, the latest release in the 8.x series. However, keep in mind that 8.x is nearing its end-of-life and will not receive future security updates.

Additional resources:

• Solr Consulting and Implementation Services – Pureinsights
• Solr News – Apache Solr
• Solr Downloads: https://solr.apache.org/downloads.html

Don’t wait – update your Solr instance today and protect your data from these critical Apache Solr security vulnerabilities. Remember, security is an ongoing process, so stay informed about future updates and patches to ensure your Solr deployment remains secure.

If you need any help with your Apache Solr implementation, please feel free to CONTACT US.