Known Issues in Apache Solr
This topic describes known issues and workarounds for using Solr in this release of Cloudera Runtime.
Technical Service Bulletins
- TSB 2021-497: CVE-2021-27905: Apache Solr SSRF vulnerability with the Replication handler
- The Apache Solr ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter. The “masterUrl” parameter is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To help prevent the CVE-2021-27905 SSRF vulnerability, Solr should check these parameters against a similar configuration used for the "shards" parameter.
- Knowledge article
- For the latest update on this issue see the corresponding Knowledge article: TSB 2021-497: CVE-2021-27905: Apache Solr SSRF vulnerability with the Replication handler
