SearchStax

The SearchStax® Frequently Asked Questions page includes the following approved question and answer about our Apache Solr Cloud services.


Why is configset.upload.enabled set to false?

Users of Solr versions 6.6.0 to 8.6.2 sometimes discover that the configset.upload.enabled feature has been disabled in their Managed Solr cloud deployments.

In October 2020, Apache reported Critical Vulnerability CVE-2020-13957 (CVSS Score: 9.8). This vulnerability lets people attack your system through the configset.​upload.​enabled feature. For more information, see New Vulnerability Identified in Apache Solr — CVE-2020-13957.

SearchStax decided to patch all existing deployments to disable configset.upload.enabled. We sent out email at that time to all active SearchStax users notifying them of this change.

If you would like us to enable configset.upload.enabled for a specific deployment, we will be happy to do so. However, since this is a critical vulnerability, we require you to first secure Solr by IP Filtering and/or by Solr Basic Auth.

This vulnerability has been fixed in Solr 8.6.3.

Managed Solr deployments using Solr 8.6.3 (or higher) no longer have configset.upload.enable blocked.

If this situation impedes your project, consider upgrading to a higher version of Solr. 8.x.


We love to answer questions!

Please contact the SearchStax Support Desk immediately if you have any question about Solr Cloud deployments.

Return to Frequently Asked Questions.