diff --git a/solr/README-short.txt b/solr/README-short.txt index 3ae4ad4018df..257a196c62fd 100644 --- a/solr/README-short.txt +++ b/solr/README-short.txt @@ -1 +1 @@ -Solr is the popular, blazing-fast, open source enterprise search platform built on Apache Lucene™. +Apache Solr is the popular, blazing-fast, open source search platform built on Apache Lucene™. diff --git a/solr/content.md b/solr/content.md index 17db6ee5e3ff..2bc885d95d65 100644 --- a/solr/content.md +++ b/solr/content.md @@ -1,13 +1,3 @@ -# NOTE: Not vulnerable to Log4J 2 "Log4shell" - -Some Docker images *were* vulnerable to one of a pair of vulnerabilities in Log4J 2. But we have mitigated *[supported](https://hub.docker.com/_/solr?tab=tags)* images (and some others) and re-published them. You may need to re-pull the image you are using. For those images prior to 8.11.1, Solr is using a popular technique to mitigate the problem -- setting `log4j2.formatMsgNoLookups`. The Solr maintainers have deemed this adequate based specifically on how Solr uses logging; it won't be adequate for all projects that use Log4J. Scanning software might alert you to the presence of an older Log4J JAR file, however it can't know if your software (Solr) uses the artifacts in a vulnerable way. To validate the mitigation being in place, look for `-Dlog4j2.formatMsgNoLookups` in the Args section of Solr's front admin screen. As of Solr 8.11.1, Solr is using Log4J 2.16.0. - -References: - -- [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228): Solr *was* vulnerable to this. -- [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046): Solr *never was* vulnerable to this. -- [Solr's security bulletin](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) - # What is Solr? Solr is the popular, blazing fast, open source NoSQL search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document handling, and geospatial search. Solr is highly scalable, providing fault tolerant distributed search and indexing, and powers the search and navigation features of many of the world's largest internet sites. @@ -18,6 +8,8 @@ Learn more on [Apache Solr homepage](http://solr.apache.org/) and in the [Apache # How to use this Docker image +Full documentation can be found in the [Solr Reference Guide's Docker section](https://solr.apache.org/guide/solr/latest/deployment-guide/solr-in-docker.html). + To run a single Solr server: ```console @@ -26,12 +18,22 @@ $ docker run -p 8983:8983 -t %%IMAGE%% Then with a web browser go to http://localhost:8983/ to see the Solr Admin Console. -For more detailed instructions for using this image, see the [README](https://github.com/docker-solr/docker-solr/blob/master/README.md). - # About this repository -This repository is available on [github.com/docker-solr/docker-solr](https://github.com/docker-solr/docker-solr), and the official build is on the [Docker Hub](https://hub.docker.com/_/solr/). +This repository is available on [github.com/apache/solr-docker](https://github.com/apache/solr-docker), but the image is built and maintained in the official Solr repo [github.com/apache/solr](https://github.com/apache/solr). + +Please direct any usage questions to the [Solr users mailing list](https://solr.apache.org/community.html#mailing-lists-chat). # History -This project was started in 2015 by [Martijn Koster](https://github.com/makuk66). In 2019 maintainership and copyright was transferred to the Apache Lucene/Solr project. Many thanks to Martijn for all your contributions over the years! +This project was started in 2015 by [Martijn Koster](https://github.com/makuk66) in the [github.com/docker-solr/docker-solr](https://github.com/docker-solr/docker-solr) repository. In 2019, the maintainership and copyright was transferred to the Apache Solr project. Many thanks to Martijn for all your contributions over the years! + +# NOTE: Not vulnerable to Log4J 2 "Log4shell" + +Some Docker images *were* vulnerable to one of a pair of vulnerabilities in Log4J 2. But we have mitigated *[supported](https://hub.docker.com/_/solr?tab=tags)* images (and some others) and re-published them. You may need to re-pull the image you are using. For those images prior to 8.11.1, Solr is using a popular technique to mitigate the problem -- setting `log4j2.formatMsgNoLookups`. The Solr maintainers have deemed this adequate based specifically on how Solr uses logging; it won't be adequate for all projects that use Log4J. Scanning software might alert you to the presence of an older Log4J JAR file, however it can't know if your software (Solr) uses the artifacts in a vulnerable way. To validate the mitigation being in place, look for `-Dlog4j2.formatMsgNoLookups` in the Args section of Solr's front admin screen. As of Solr 8.11.1, Solr is using Log4J 2.16.0. + +References: + +- [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228): Solr *was* vulnerable to this. +- [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046): Solr *never was* vulnerable to this. +- [Solr security bulletin](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) diff --git a/solr/github-repo b/solr/github-repo index 307cafa2efdf..f77ba85345ff 100644 --- a/solr/github-repo +++ b/solr/github-repo @@ -1 +1 @@ -https://github.com/docker-solr/docker-solr +https://github.com/apache/solr diff --git a/solr/issues.md b/solr/issues.md new file mode 100644 index 000000000000..773a06b544d2 --- /dev/null +++ b/solr/issues.md @@ -0,0 +1 @@ +[The Solr Users mailing list](https://solr.apache.org/community.html#mailing-lists-chat) diff --git a/solr/license.md b/solr/license.md index 6d1c2be75f90..4432533f676e 100644 --- a/solr/license.md +++ b/solr/license.md @@ -2,7 +2,7 @@ Solr is licensed under the [Apache License, Version 2.0](https://www.apache.org/ This repository is also licensed under the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0). -Copyright 2015-2021 The Apache Software Foundation +Copyright 2015-2022 The Apache Software Foundation Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at