Security focused Solr 5.3 on its way

Solr/Lucene version 5.3 is on its way out the door any of these days. In addition to the usual list of bug fixes and optimizations, it adds some new features, mainly related to security. Some are:

  • SOLR-7757: Improved security framework where security components can be edited/reloaded
  • SOLR-7838: An authorizationPlugin interface where the access control rules are stored/managed in ZooKeeper
  • SOLR-7837: An AuthenticationPlugin which implements the HTTP BasicAuth protocol and stores credentials securely in ZooKeeper
  • SOLR-7849: Solr-managed inter-node authentication
  • SOLR-7724: SolrJ now supports parsing the output of the clustering component
  • SOLR-7651: New response format added wt=smile (platform independent binary format)

The built-in support for Authentication includes Kerberos and Basic Auth. By configuring Rule-based Authorization, you can also control which users have control over which actions in Solr. If you also enable SSL and protect ZooKeeper content, Solr has gained a nice set of security capabilities in very short time!

Also in this release, Cominvent have contributed the following bug fixes:

  • SOLR-7735: Look for solr.xml in Zookeeper by default in SolrCloud mode
  • SOLR-7863: Lowercase the CLUSTERPROP command in ZkCLI for consistency

See CHANGES.TXT for details about all changes in this release.