SearchStax

The SearchStax® Frequently Asked Questions page includes the following approved question and answer about our Apache Solr Cloud services.


Why is the Configset API disabled?

Users of Solr versions 6.6.0 to 8.6.2 sometimes discover that the Solr Configsets API feature has been disabled in their SearchStax Cloud deployments by the system property configset.upload.enabled=false. (This setting has no effect on config upload using zkcli.sh/bat.)

In October 2020, Apache reported Critical Vulnerability CVE-2020-13957 (CVSS Score: 9.8). This vulnerability lets people attack your system through the configset.upload.enabled feature. For more information, see New Vulnerability Identified in Apache Solr — CVE-2020-13957.

SearchStax decided to patch all existing deployments to disable configset.upload.enabled. We sent out email at that time to all active SearchStax users notifying them of this change.

If you would like us to enable configset.upload.enabled for a specific deployment, we will be happy to do so. However, since this is a critical vulnerability, we require you to first secure Solr by IP Filtering and/or by Solr Basic Auth.

This vulnerability has been fixed in Solr 8.6.3.

SearchStax Cloud deployments using Solr 8.6.3 (or higher) no longer have configset.upload.enabled blocked.

If this situation impedes your project, consider upgrading to a higher version of Solr 8.x.
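A check for the conditions described above, as an added example (not SearchStax or Apache code): it classifies a deployment from the JSON returned by Solr's `/solr/admin/info/system` endpoint, using the version range and property name given on this page. The function names, state labels and sample responses are constructed for illustration.

```python
import json
import re

# Affected range and property name as stated on this page.
AFFECTED_MIN, AFFECTED_MAX = (6, 6, 0), (8, 6, 2)
PROP = "-Dconfigset.upload.enabled="

def parse_version(text):
    """'8.10.1' -> (8, 10, 1), so 8.10.x compares above 8.6.x numerically."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return tuple(int(part) for part in m.groups())

def upload_disabled(jvm_args):
    """Conservative: the property must be present and every occurrence 'false'."""
    values = [arg[len(PROP):] for arg in jvm_args if arg.startswith(PROP)]
    return bool(values) and all(v == "false" for v in values)

def audit(system_info):
    """Classify one parsed /solr/admin/info/system response."""
    version = parse_version(system_info["lucene"]["solr-spec-version"])
    if not AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "outside-affected-range"
    args = system_info.get("jvm", {}).get("jmx", {}).get("commandLineArgs", [])
    if upload_disabled(args):
        return "upload-disabled"
    # Per the page, this state calls for IP filtering and/or Basic Auth.
    return "upload-enabled-on-affected-version"

def sample(version, *args):
    """Constructed stand-in for a saved response (only the fields used here)."""
    return json.dumps({"lucene": {"solr-spec-version": version},
                       "jvm": {"jmx": {"commandLineArgs": list(args)}}})

# Constructed deployments, not real hosts.
SAMPLES = {
    "patched-8.6.2": sample("8.6.2", "-Xmx2g", "-Dconfigset.upload.enabled=false"),
    "default-7.7.3": sample("7.7.3", "-Xmx2g"),
    "reenabled-8.5.0": sample("8.5.0", "-Dconfigset.upload.enabled=true"),
    "fixed-8.6.3": sample("8.6.3", "-Xmx2g"),
    "later-8.10.1": sample("8.10.1", "-Xmx2g"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} {audit(json.loads(raw))}")
```

The check cannot see whether IP filtering or Basic Auth is in place, so a result of `upload-enabled-on-affected-version` means those controls need to be confirmed separately.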


We love to answer questions!

Please contact the SearchStax Support Desk immediately if you have any questions about Solr Cloud deployments.
