January 25, 2018
As you may be aware, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) are some of the most widespread security issues in modern computing history. They affect almost every computer built in the last 10 years. This processor vulnerability is a CPU hardware architecture design issue that affects billions of hardware devices. Through a CPU architecture design flaw, links can be established between user and kernel memory pages, allowing attackers to obtain access to sensitive information.
The most important thing to know is that this vulnerability is not exploitable remotely, and requires that someone execute the malicious code locally. Keeping customers secure is always our top priority and we are taking active steps to ensure that no SearchStax customer is exposed to these vulnerabilities. At the time of this blog post, SearchStax has not received any information to indicate that these vulnerabilities have been used to attack SearchStax customers.
Since replacing CPUs is practically not feasible, operating system kernels are being patched to mitigate the critical security vulnerability. The good news is that patches have been released by almost all vendors, however the bad news is, the fixes can slow down the devices with some initial (disputed) reporting of an up to 30% performance hit to the CPU .
At this time, SearchStax does not have conclusive results on how much performance impact you might expect on your Apache Solr Deployments. Please check again as we will update this as we have more information. For customers, who would like to mitigate the risk of performance slowdown on their Apache Solr Deployments, we recommend you either add or request to add one or more nodes to your deployments that would provision enough capacity for your cluster. If you’d like assistance from the SearchStax team, please feel free to open a support ticket and we can provide recommendations or guidance around that.
As of January 24, 2018, SearchStax has applied several updates across all it’s customer base as well as core infrastructure to help mitigate these vulnerabilities and protect customer deployments.
If you have more questions, please feel free to send an email to firstname.lastname@example.org and we can schedule a call to discuss further.
The SearchStax Team