[MGNLEESOLR-165] Update to support Solr 8.x Created: 03/May/22  Updated: 13/Jul/22  Resolved: 24/May/22

Status: Closed
Project: Solr Search Provider
Component/s: None
Affects Version/s: None
Fix Version/s: 6.1

Type: Improvement Priority: Neutral
Reporter: Christopher Zimmermann Assignee: Milan Divilek
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLEESOLR-141 Solr module update to support Solr 8.x Closed
relates to MGNLEESOLR-147 Verify Magnolia configuration set exa... Accepted
Sub-Tasks:
Key
Summary
Type
Status
Assignee
MGNLEESOLR-166 Implement update to solrj 8.11.1 Sub-task Completed Milan Divilek  
MGNLEESOLR-167 Review Sub-task Completed Jaroslav Simak  
MGNLEESOLR-168 piQA Sub-task Completed Jaroslav Simak  
MGNLEESOLR-169 QA Sub-task Completed Jaroslav Simak  
MGNLEESOLR-170 Documentation Sub-task Completed  
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Release notes required:
Yes
Documentation update required:
Yes
Date of First Response:
Epic Link: DevX Bucket
Sprint: DevX 10
Story Points: 2
Team: DeveloperX

 Description   

As a developer I can use SOLR v8 in my projects and know that I am doing it in a supported way, so that I am on the latest version with no known CVE/Secuirty concerns.

Recommendations:

At least verify that SOLR 8 is compabilible.

At least document the necessary and approved configuration to use SOLR 8

Evaluate if it would cause problems to change our default version of SOLR to v8.

Determine when this update should be made (6.2 or 6.3)

If appropriate, do the upgrade.

Notes

Update to SOLR module to use Solr 8.x as there are various reported CVE on Solr 7.

https://solr.apache.org/security.html 



 Comments   
Comment by Christopher Zimmermann [ 03/May/22 ]

See conversation: https://magnolia-cms.slack.com/archives/CDF2T239Q/p1651475083084619

Comment by Adam Jones [ 13/May/22 ]

jsimak to check if we should jump to v9

Comment by Christopher Zimmermann [ 19/May/22 ]

Regarding: "Updating to *org.apache.solr:solr-solrj:8.11.1 * builds fine, if we decide to stick with same example configuration files, then this is update for 5m."
Is there any reason not to do this? Is there a risk involved? How big is the risk?
Is there another alternative?

Regarding: "Solr 9.0.0 minimal required version of Java is 11. This update would need to be done for Magnolia 6.3"
Sounds like a great idea, is there any reason not to do this?  Could you create a ticket for this with a proper fix version? Anything else to do so that we do not forget this?

Comment by Christopher Zimmermann [ 25/May/22 ]

mdivilek so for our current 6.2 customers -will this improvement be included in 6.2.20 release?

What can we tell Support and our current customers now, can you write a sentance here to Mercedes aand Ervin? 
https://magnolia-cms.slack.com/archives/CDF2T239Q/p1651475083084619

Generated at Mon Feb 12 11:00:45 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.