[Archivesspace_Users_Group] Solr version

Chris Fitzpatrick Chris.Fitzpatrick at lyrasis.org
Sat Jan 16 03:56:00 EST 2016

Hi Rick,

We haven't updated Solr in a while, so it is still ships with v4.0.0. I've made a chore ticket <https://archivesspace.atlassian.net/browse/AR-1388> to update this.

That said, most of the security issues I am aware of with Solr have to do with XSS things in the admin console. The Solr index should be firewalled from any traffic other than ports from the application itself, so i think any security issues related to Solr would be minimal.

You can also use your own version of Solr and point the application at it.


Chris Fitzpatrick | Developer, ArchivesSpace
Skype: chrisfitzpat  | Phone: 918.236.6048

From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Neal, Rick <rneal at richmond.edu>
Sent: Friday, January 15, 2016 8:33 PM
To: Archivesspace Users Group
Subject: [Archivesspace_Users_Group] Solr version

Good afternoon,

We are in the middle of a security audit and it's complaining about my solr version. I see this in the solr admin console and I 'think' this is the current solr version:

There are multiple complaints by the scanner relating to solr versions < 4.1, < 4.31, <4.10.5, and <4.6.0.

We are running ArchiveSpace version 1.0.9 and I was wondering what version of solr is included in the latest stable ArchiveSpace release.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20160116/4f4023bf/attachment.html>

More information about the Archivesspace_Users_Group mailing list