This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 42f889fb9 Commit build products
42f889fb9 is described below
commit 42f889fb91de20ab96c1c9e2388d756510638959
Author: Build Pelican (action) <[email protected]>
AuthorDate: Sun Dec 14 17:40:52 2025 +0000
Commit build products
---
output/feeds/all.atom.xml | 84 ++++++++++++++++++++++++----------
output/feeds/solr/security.atom.xml | 61 ++++++++++++++++++++++++-
output/index.html | 2 +-
output/news.html | 56 +++++++++++++++++++++++
output/operator/index.html | 2 +-
output/security.html | 91 +++++++++++++++++++++++++------------
6 files changed, 241 insertions(+), 55 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index d064757c0..d3652b32b 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -1,5 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Solr</title><link
href="/" rel="alternate"/><link href="/feeds/all.atom.xml"
rel="self"/><id>/</id><updated>2025-11-06T00:00:00+00:00</updated><entry><title>Apache
Solr™ 9.10.0 available</title><link href="/apache-solrtm-9100-available.html"
rel="alternate"/><published>2025-11-06T00:00:00+00:00</published><updated>2025-11-06T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2025-11-06:/apache-solrtm-9 [...]
+<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Solr</title><link
href="/" rel="alternate"/><link href="/feeds/all.atom.xml"
rel="self"/><id>/</id><updated>2025-12-09T00:00:00+00:00</updated><entry><title>CVE-2025-66516:
Apache Solr extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12-09T00:00:00+00:00</publish [...]
+<p>High</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.2.0 through 9.10.0 (when using the extraction
module)</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Solr's extraction module (SolrCell) uses Apache Tika to extract
content from PDF files. A vulnerability in Tika allows attackers to submit
specially crafted PDFs that can read files from the server
…</p></summary><content
type="html"><p><strong>Severity</strong></p>
+<p>High</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.2.0 through 9.10.0 (when using the extraction
module)</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Solr's extraction module (SolrCell) uses Apache Tika to extract
content from PDF files. A vulnerability in Tika allows attackers to submit
specially crafted PDFs that can read files from the server.</p>
+<p><strong>Who is affected:</strong></p>
+<ul>
+<li>Solr instances using the extraction module with the 'local' backend
(default)</li>
+<li>Systems that allow untrusted users to upload PDF files for
indexing</li>
+</ul>
+<p><strong>Who is NOT affected:</strong></p>
+<ul>
+<li>Solr instances not using the extraction module</li>
+<li>Deployments using the TikaServer extraction backend in Solr
9.10</li>
+</ul>
+<p><strong>Impact:</strong></p>
+<ul>
+<li><strong>Solr 6.2-8.x</strong>: Attackers can read
arbitrary system files (e.g., /etc/passwd, application secrets)</li>
+<li><strong>Solr 9.x</strong>: The Java Security Manager
(enabled by default) limits file access to Solr's directories only, reducing
impact. However, Solr configuration files and indexed data remain at
risk.</li>
+<li>All versions: Possible denial of service and limited network
requests</li>
+</ul>
+<p><strong>Mitigation</strong></p>
+<p>Disable XFA form parsing in PDFs by configuring a parseContext
file.</p>
+<p><strong>Step 1:</strong> Create or edit
<code>parseContext.xml</code> in your configset's
<code>conf/</code> directory:</p>
+<div
class="codehilite"><pre><span></span><code><span
class="cp">&lt;?xml version=&quot;1.0&quot;
?&gt;</span>
+<span class="nt">&lt;entries&gt;</span>
+<span class="w"> </span><span
class="nt">&lt;entry</span><span class="w">
</span><span class="na">class=</span><span
class="s">&quot;org.apache.tika.parser.pdf.PDFParserConfig&quot;</span><span
class="w"> </span><span class="na">impl=</span><span
class="s">&quot;org.apache.tika.parser.pdf.PDFParserConfig&quot;</span><span
class="nt">&gt;</span>
+<span class="w"> </span><span
class="nt">&lt;property</span><span class="w">
</span><span class="na">name=</span><span
class="s">&quot;extractAcroFormContent&quot;</span><span
class="w"> </span><span class="na">value=</span><span
class="s">&quot;false&quot;</span><span
class="nt">/&gt;</span>
+<span class="w"> </span><span
class="nt">&lt;/entry&gt;</span>
+<span class="nt">&lt;/entries&gt;</span>
+</code></pre></div>
+
+<p><strong>Step 2:</strong> Reference this file in your
extraction handler in <code>solrconfig.xml</code>:</p>
+<div
class="codehilite"><pre><span></span><code><span
class="nt">&lt;requestHandler</span><span class="w">
</span><span class="na">name=</span><span
class="s">&quot;/update/extract&quot;</span><span
class="w"> </span><span class="na">class=</span><span
class="s">&quot;org.apache.solr.handler.extraction.ExtractingRequestHandler&quot;</span><span
class="n [...]
+<span class="w"> </span><span
class="nt">&lt;str</span><span class="w">
</span><span class="na">name=</span><span
class="s">&quot;parseContext.config&quot;</span><span
class="nt">&gt;</span>parseContext.xml<span
class="nt">&lt;/str&gt;</span>
+<span class="nt">&lt;/requestHandler&gt;</span>
+</code></pre></div>
+
+<p><strong>Step 3:</strong> Reload your collection or
restart Solr.</p>
+<p><strong>Note:</strong> Solr 9.10.1 and later (once
available) will include this mitigation by default.</p>
+<p><strong>Credit</strong></p>
+<p>Apache Tika Security Team (vulnerability discovery)</p>
+<p><strong>References</strong></p>
+<ul>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66516">CVE-2025-66516</a>
(supersedes CVE-2025-54988)</li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-54988">CVE-2025-54988</a>
(initial report)</li>
+<li>NVD - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2025-66516">CVE-2025-66516
Analysis</a></li>
+<li>Apache Tika - <a
href="https://lists.apache.org/thread/tdqvvx28f83o4px8xnoso1xmo5h0d0dl">CVE-2025-54988
Advisory</a></li>
+<li>SOLR-17888 - <a
href="https://issues.apache.org/jira/browse/SOLR-17888">SOLR-17888</a>
</li>
+</ul></content><category
term="solr/security"/></entry><entry><title>Apache Solr™ 9.10.0
available</title><link href="/apache-solrtm-9100-available.html"
rel="alternate"/><published>2025-11-06T00:00:00+00:00</published><updated>2025-11-06T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2025-11-06:/apache-solrtm-9100-available.html</id><summary
type="html"><p>The Solr PMC is pleased to announce the release of Apache
Solr 9.10.0.</p>
<p>Solr is the blazing-fast, open source, multi-modal search platform
built on Apache Lucene. It powers full-text, vector, analytics, and geospatial
search at many of the world's largest organizations. Other major features
include Kubernetes and docker …</p></summary><content
type="html"><p>The Solr PMC is pleased to announce the release of Apache
Solr 9.10.0.</p>
<p>Solr is the blazing-fast, open source, multi-modal search platform
built on Apache Lucene. It powers full-text, vector, analytics, and geospatial
search at many of the world's largest organizations. Other major features
include Kubernetes and docker integration, streaming, highlighting, faceting,
and spellchecking.</p>
<p>Solr 9.10.0 is available for immediate download at:</p>
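Review bot: the mitigation prose and the configuration it shows disagree on their face: the paragraph says "Disable XFA form parsing in PDFs by configuring a parseContext file", but the only property set in parseContext.xml is `extractAcroFormContent` with value `false`, and nothing in the entry mentions XFA. A reader checking the property name against the stated goal will wonder whether the right knob is being turned. One sentence under Mitigation stating why turning off AcroForm content extraction stops the XFA stream from being parsed (presumably because Tika reads XFA as part of AcroForm handling) would close that gap; as written the reader has to take the link on faith.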
@@ -2262,25 +2321,4 @@ secure Solr servers.</p>
<li>Neural network modelling via learning to rank</li>
<li>Solr runs with Java 10</li>
</ul>
-<p>The Apache Solr Reference Guide for 7.3 is also available in <a
href="https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.3.pdf">PDF
form</a> or <a
href="https://solr.apache.org/guide/7_3">online</a>.</p></content><category
term="solr/news"/></entry><entry><title>Apache Solr™ 6.6.3
available</title><link href="/"
rel="alternate"/><published>2018-03-07T00:00:00+00:00</published><updated>2018-03-07T00:00:00+00:00</upda
[...]
-<p>Solr is the popular, blazing fast, open source NoSQL search platform
from the
-Apache Lucene project. Its major features include powerful full-text search,
-hit highlighting, faceted search and analytics, rich document parsing,
-geospatial search, extensive …</p></summary><content
type="html"><p>The Lucene PMC is pleased to announce the release of
Apache Solr 6.6.3.</p>
-<p>Solr is the popular, blazing fast, open source NoSQL search platform
from the
-Apache Lucene project. Its major features include powerful full-text search,
-hit highlighting, faceted search and analytics, rich document parsing,
-geospatial search, extensive REST APIs as well as parallel SQL. Solr is
-enterprise grade, secure and highly scalable, providing fault tolerant
-distributed search and indexing, and powers the search and navigation features
-of many of the world's largest internet sites.</p>
-<p>This release contains three bugfixes:</p>
-<ul>
-<li>Disallow reference to external resources in DataImportHandler's
dataConfig request parameter</li>
-<li>Allow collections created with legacyCloud=true to be opened if
legacyCloud=false</li>
-<li>LeaderInitiatedRecoveryThread now retries on
UnknownHostException</li>
-</ul>
-<p>The release is available for immediate download at:</p>
-<p><a
href="https://solr.apache.org/mirrors-solr-redir.html">https://solr.apache.org/mirrors-solr-redir.html</a></p>
-<p>Please read CHANGES.txt for a detailed list of changes:</p>
-<p><a
href="https://solr.apache.org/6_6_3/changes/Changes.html">https://solr.apache.org/6_6_3/changes/Changes.html</a></p></content><category
term="solr/news"/></entry></feed>
\ No newline at end of file
+<p>The Apache Solr Reference Guide for 7.3 is also available in <a
href="https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.3.pdf">PDF
form</a> or <a
href="https://solr.apache.org/guide/7_3">online</a>.</p></content><category
term="solr/news"/></entry></feed>
\ No newline at end of file
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index 5b8590f90..817dcb232 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -1,5 +1,64 @@
<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"/><link
href="/feeds/solr/security.atom.xml"
rel="self"/><id>/</id><updated>2025-01-26T00:00:00+00:00</updated><entry><title>CVE-2024-52012:
Apache Solr: Configset upload on Windows allows arbitrary path
write-access</title><link
href="/cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access.html"
rel="alternate"/><published>2025-01-26T00:00: [...]
+<feed xmlns="http://www.w3.org/2005/Atom"><title>Apache Solr -
solr/security</title><link href="/" rel="alternate"/><link
href="/feeds/solr/security.atom.xml"
rel="self"/><id>/</id><updated>2025-12-09T00:00:00+00:00</updated><entry><title>CVE-2025-66516:
Apache Solr extraction module vulnerable to XXE attacks via XFA content in
PDFs</title><link
href="/cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs.html"
rel="alternate"/><published>2025-12- [...]
+<p>High</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.2.0 through 9.10.0 (when using the extraction
module)</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Solr's extraction module (SolrCell) uses Apache Tika to extract
content from PDF files. A vulnerability in Tika allows attackers to submit
specially crafted PDFs that can read files from the server
…</p></summary><content
type="html"><p><strong>Severity</strong></p>
+<p>High</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.2.0 through 9.10.0 (when using the extraction
module)</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Solr's extraction module (SolrCell) uses Apache Tika to extract
content from PDF files. A vulnerability in Tika allows attackers to submit
specially crafted PDFs that can read files from the server.</p>
+<p><strong>Who is affected:</strong></p>
+<ul>
+<li>Solr instances using the extraction module with the 'local' backend
(default)</li>
+<li>Systems that allow untrusted users to upload PDF files for
indexing</li>
+</ul>
+<p><strong>Who is NOT affected:</strong></p>
+<ul>
+<li>Solr instances not using the extraction module</li>
+<li>Deployments using the TikaServer extraction backend in Solr
9.10</li>
+</ul>
+<p><strong>Impact:</strong></p>
+<ul>
+<li><strong>Solr 6.2-8.x</strong>: Attackers can read
arbitrary system files (e.g., /etc/passwd, application secrets)</li>
+<li><strong>Solr 9.x</strong>: The Java Security Manager
(enabled by default) limits file access to Solr's directories only, reducing
impact. However, Solr configuration files and indexed data remain at
risk.</li>
+<li>All versions: Possible denial of service and limited network
requests</li>
+</ul>
+<p><strong>Mitigation</strong></p>
+<p>Disable XFA form parsing in PDFs by configuring a parseContext
file.</p>
+<p><strong>Step 1:</strong> Create or edit
<code>parseContext.xml</code> in your configset's
<code>conf/</code> directory:</p>
+<div
class="codehilite"><pre><span></span><code><span
class="cp">&lt;?xml version=&quot;1.0&quot;
?&gt;</span>
+<span class="nt">&lt;entries&gt;</span>
+<span class="w"> </span><span
class="nt">&lt;entry</span><span class="w">
</span><span class="na">class=</span><span
class="s">&quot;org.apache.tika.parser.pdf.PDFParserConfig&quot;</span><span
class="w"> </span><span class="na">impl=</span><span
class="s">&quot;org.apache.tika.parser.pdf.PDFParserConfig&quot;</span><span
class="nt">&gt;</span>
+<span class="w"> </span><span
class="nt">&lt;property</span><span class="w">
</span><span class="na">name=</span><span
class="s">&quot;extractAcroFormContent&quot;</span><span
class="w"> </span><span class="na">value=</span><span
class="s">&quot;false&quot;</span><span
class="nt">/&gt;</span>
+<span class="w"> </span><span
class="nt">&lt;/entry&gt;</span>
+<span class="nt">&lt;/entries&gt;</span>
+</code></pre></div>
+
+<p><strong>Step 2:</strong> Reference this file in your
extraction handler in <code>solrconfig.xml</code>:</p>
+<div
class="codehilite"><pre><span></span><code><span
class="nt">&lt;requestHandler</span><span class="w">
</span><span class="na">name=</span><span
class="s">&quot;/update/extract&quot;</span><span
class="w"> </span><span class="na">class=</span><span
class="s">&quot;org.apache.solr.handler.extraction.ExtractingRequestHandler&quot;</span><span
class="n [...]
+<span class="w"> </span><span
class="nt">&lt;str</span><span class="w">
</span><span class="na">name=</span><span
class="s">&quot;parseContext.config&quot;</span><span
class="nt">&gt;</span>parseContext.xml<span
class="nt">&lt;/str&gt;</span>
+<span class="nt">&lt;/requestHandler&gt;</span>
+</code></pre></div>
+
+<p><strong>Step 3:</strong> Reload your collection or
restart Solr.</p>
+<p><strong>Note:</strong> Solr 9.10.1 and later (once
available) will include this mitigation by default.</p>
+<p><strong>Credit</strong></p>
+<p>Apache Tika Security Team (vulnerability discovery)</p>
+<p><strong>References</strong></p>
+<ul>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66516">CVE-2025-66516</a>
(supersedes CVE-2025-54988)</li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-54988">CVE-2025-54988</a>
(initial report)</li>
+<li>NVD - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2025-66516">CVE-2025-66516
Analysis</a></li>
+<li>Apache Tika - <a
href="https://lists.apache.org/thread/tdqvvx28f83o4px8xnoso1xmo5h0d0dl">CVE-2025-54988
Advisory</a></li>
+<li>SOLR-17888 - <a
href="https://issues.apache.org/jira/browse/SOLR-17888">SOLR-17888</a>
</li>
+</ul></content><category
term="solr/security"/></entry><entry><title>CVE-2024-52012: Apache Solr:
Configset upload on Windows allows arbitrary path write-access</title><link
href="/cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access.html"
rel="alternate"/><published>2025-01-26T00:00:00+00:00</published><updated>2025-01-26T00:00:00+00:00</updated><author><name>Solr
Developers</name></author><id>tag:None,2025-01-26:/cve-2024-52012-apache-solr-con
[...]
moderate</p>
<p><strong>Versions Affected</strong></p>
<ul>
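Review bot: the mitigation in this entry is broader than the text admits. `extractAcroFormContent=false` disables extraction of AcroForm field content as a whole, not only XFA, so any deployment that relies on PDF form field values being indexed will see that text disappear from new documents after Step 3. That side effect deserves a sentence under Mitigation, together with an explicit note that the TikaServer backend listed under "Who is NOT affected" is the route for 9.10 operators who still need form content indexed. Same comment applies to the identical copy of this entry in all.atom.xml.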
diff --git a/output/index.html b/output/index.html
index 304f588fe..d03522720 100644
--- a/output/index.html
+++ b/output/index.html
@@ -130,7 +130,7 @@
</div>
<div class="header-fill"></div>
-<section class="security" latest-date="2025-01-26">
+<section class="security" latest-date="2025-12-09">
<div class="row">
<div class="large-12 columns text-center">
<h2><a href="security.html">⚠ There are recent security
announcements. Read more on the Security page.</a></h2>
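Review bot: `latest-date` on `<section class="security" latest-date="2025-12-09">` is not a valid HTML attribute; if the page script reads it to decide whether to show the banner, the conventional form is `data-latest-date`, which is readable through `dataset` and passes validation. Pre-existing, but this hunk touches the line, so it is a cheap fix to fold into the template rather than the generated output.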
diff --git a/output/news.html b/output/news.html
index 6a463e175..eb8ebca94 100644
--- a/output/news.html
+++ b/output/news.html
@@ -150,6 +150,62 @@
<h1 id="solr-news">Solr<sup>™</sup> News<a class="headerlink"
href="#solr-news" title="Permanent link">¶</a></h1>
<p>You may also read these news as an <a
href="/feeds/solr/news.atom.xml">ATOM feed</a>.</p>
+ <h2
id="cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs">9
December 2025, CVE-2025-66516: Apache Solr extraction module vulnerable to XXE
attacks via XFA content in PDFs
+ <a class="headerlink"
href="#cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity</strong></p>
+<p>High</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.2.0 through 9.10.0 (when using the extraction module)</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Solr's extraction module (SolrCell) uses Apache Tika to extract content
from PDF files. A vulnerability in Tika allows attackers to submit specially
crafted PDFs that can read files from the server.</p>
+<p><strong>Who is affected:</strong></p>
+<ul>
+<li>Solr instances using the extraction module with the 'local' backend
(default)</li>
+<li>Systems that allow untrusted users to upload PDF files for indexing</li>
+</ul>
+<p><strong>Who is NOT affected:</strong></p>
+<ul>
+<li>Solr instances not using the extraction module</li>
+<li>Deployments using the TikaServer extraction backend in Solr 9.10</li>
+</ul>
+<p><strong>Impact:</strong></p>
+<ul>
+<li><strong>Solr 6.2-8.x</strong>: Attackers can read arbitrary system files
(e.g., /etc/passwd, application secrets)</li>
+<li><strong>Solr 9.x</strong>: The Java Security Manager (enabled by default)
limits file access to Solr's directories only, reducing impact. However, Solr
configuration files and indexed data remain at risk.</li>
+<li>All versions: Possible denial of service and limited network requests</li>
+</ul>
+<p><strong>Mitigation</strong></p>
+<p>Disable XFA form parsing in PDFs by configuring a parseContext file.</p>
+<p><strong>Step 1:</strong> Create or edit <code>parseContext.xml</code> in
your configset's <code>conf/</code> directory:</p>
+<div class="codehilite"><pre><span></span><code><span class="cp"><?xml
version="1.0" ?></span>
+<span class="nt"><entries></span>
+<span class="w"> </span><span class="nt"><entry</span><span class="w">
</span><span class="na">class=</span><span
class="s">"org.apache.tika.parser.pdf.PDFParserConfig"</span><span
class="w"> </span><span class="na">impl=</span><span
class="s">"org.apache.tika.parser.pdf.PDFParserConfig"</span><span
class="nt">></span>
+<span class="w"> </span><span class="nt"><property</span><span
class="w"> </span><span class="na">name=</span><span
class="s">"extractAcroFormContent"</span><span class="w">
</span><span class="na">value=</span><span
class="s">"false"</span><span class="nt">/></span>
+<span class="w"> </span><span class="nt"></entry></span>
+<span class="nt"></entries></span>
+</code></pre></div>
+
+<p><strong>Step 2:</strong> Reference this file in your extraction handler in
<code>solrconfig.xml</code>:</p>
+<div class="codehilite"><pre><span></span><code><span
class="nt"><requestHandler</span><span class="w"> </span><span
class="na">name=</span><span class="s">"/update/extract"</span><span
class="w"> </span><span class="na">class=</span><span
class="s">"org.apache.solr.handler.extraction.ExtractingRequestHandler"</span><span
class="nt">></span>
+<span class="w"> </span><span class="nt"><str</span><span class="w">
</span><span class="na">name=</span><span
class="s">"parseContext.config"</span><span
class="nt">></span>parseContext.xml<span class="nt"></str></span>
+<span class="nt"></requestHandler></span>
+</code></pre></div>
+
+<p><strong>Step 3:</strong> Reload your collection or restart Solr.</p>
+<p><strong>Note:</strong> Solr 9.10.1 and later (once available) will include
this mitigation by default.</p>
+<p><strong>Credit</strong></p>
+<p>Apache Tika Security Team (vulnerability discovery)</p>
+<p><strong>References</strong></p>
+<ul>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66516">CVE-2025-66516</a>
(supersedes CVE-2025-54988)</li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-54988">CVE-2025-54988</a>
(initial report)</li>
+<li>NVD - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2025-66516">CVE-2025-66516
Analysis</a></li>
+<li>Apache Tika - <a
href="https://lists.apache.org/thread/tdqvvx28f83o4px8xnoso1xmo5h0d0dl">CVE-2025-54988
Advisory</a></li>
+<li>SOLR-17888 - <a
href="https://issues.apache.org/jira/browse/SOLR-17888">SOLR-17888</a> </li>
+</ul>
<h2 id="apache-solrtm-9100-available">6 November 2025, Apache Solr™ 9.10.0
available
<a class="headerlink" href="#apache-solrtm-9100-available"
title="Permanent link">¶</a>
</h2>
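Review bot: the "Note" paragraph ("Solr 9.10.1 and later (once available) will include this mitigation by default") is a time-bound promise inside a permanent news entry; once 9.10.1 ships it reads as stale unless someone revisits the source article. Suggest wording it so it stays true after release (state that 9.10.1 includes the mitigation by default and link the fix ticket, which is already present as SOLR-17888 under References) rather than leaving "once available" in the text.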
diff --git a/output/operator/index.html b/output/operator/index.html
index 518129d5c..9b80b8abd 100644
--- a/output/operator/index.html
+++ b/output/operator/index.html
@@ -122,7 +122,7 @@
</div>
<div class="header-fill"></div>
-<section class="security" latest-date="2025-01-26">
+<section class="security" latest-date="2025-12-09">
<div class="row">
<div class="large-12 columns text-center">
<h2><a href="/security.html">⚠ There are recent security
announcements. Read more on the Solr Security page.</a></h2>
diff --git a/output/security.html b/output/security.html
index 30ec024c6..42f2c4382 100644
--- a/output/security.html
+++ b/output/security.html
@@ -205,6 +205,11 @@ with you to see if we can provide this information in
other variations or format
<th width="95">Date</th>
<th>Announcement</th>
</tr>
+ <tr>
+ <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2025-66516">CVE-2025-66516</a></td>
+ <td>2025-12-09</td>
+ <td><a
href="#cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs">Apache
Solr extraction module vulnerable to XXE attacks via XFA content in
PDFs</a></td>
+ </tr>
<tr>
<td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-52012">CVE-2024-52012</a></td>
<td>2025-01-26</td>
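Review bot: the new row links the CVE id to the NVD page, matching the existing rows, while the advisory body treats the cve.org record as canonical and notes that CVE-2025-66516 supersedes CVE-2025-54988. For a freshly assigned id the NVD entry can be empty or unanalysed at publication time, so readers following the table link may get less than those following the body's References; consider linking the table cell to the cve.org record as the body does.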
@@ -275,13 +280,65 @@ with you to see if we can provide this information in
other variations or format
<td>2021-04-12</td>
<td><a
href="#cve-2021-27905-ssrf-vulnerability-with-the-replication-handler">SSRF
vulnerability with the Replication handler</a></td>
</tr>
- <tr>
- <td><a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-29262">CVE-2021-29262</a></td>
- <td>2021-04-12</td>
- <td><a
href="#cve-2021-29262-misapplied-zookeeper-acls-can-result-in-leakage-of-configured-authentication-and-authorization-settings">Misapplied
Zookeeper ACLs can result in leakage of configured authentication and
authorization settings</a></td>
- </tr>
</table>
+ <h2
id="cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs">2025-12-09,
CVE-2025-66516: Apache Solr extraction module vulnerable to XXE attacks via
XFA content in PDFs
+ <a class="headerlink"
href="#cve-2025-66516-apache-solr-extraction-module-vulnerable-to-xxe-attacks-via-xfa-content-in-pdfs"
title="Permanent link">¶</a>
+ </h2>
+ <p><strong>Severity</strong></p>
+<p>High</p>
+<p><strong>Versions Affected</strong></p>
+<ul>
+<li>Apache Solr 6.2.0 through 9.10.0 (when using the extraction module)</li>
+</ul>
+<p><strong>Description</strong></p>
+<p>Solr's extraction module (SolrCell) uses Apache Tika to extract content
from PDF files. A vulnerability in Tika allows attackers to submit specially
crafted PDFs that can read files from the server.</p>
+<p><strong>Who is affected:</strong></p>
+<ul>
+<li>Solr instances using the extraction module with the 'local' backend
(default)</li>
+<li>Systems that allow untrusted users to upload PDF files for indexing</li>
+</ul>
+<p><strong>Who is NOT affected:</strong></p>
+<ul>
+<li>Solr instances not using the extraction module</li>
+<li>Deployments using the TikaServer extraction backend in Solr 9.10</li>
+</ul>
+<p><strong>Impact:</strong></p>
+<ul>
+<li><strong>Solr 6.2-8.x</strong>: Attackers can read arbitrary system files
(e.g., /etc/passwd, application secrets)</li>
+<li><strong>Solr 9.x</strong>: The Java Security Manager (enabled by default)
limits file access to Solr's directories only, reducing impact. However, Solr
configuration files and indexed data remain at risk.</li>
+<li>All versions: Possible denial of service and limited network requests</li>
+</ul>
+<p><strong>Mitigation</strong></p>
+<p>Disable XFA form parsing in PDFs by configuring a parseContext file.</p>
+<p><strong>Step 1:</strong> Create or edit <code>parseContext.xml</code> in
your configset's <code>conf/</code> directory:</p>
+<div class="codehilite"><pre><span></span><code><span class="cp"><?xml
version="1.0" ?></span>
+<span class="nt"><entries></span>
+<span class="w"> </span><span class="nt"><entry</span><span class="w">
</span><span class="na">class=</span><span
class="s">"org.apache.tika.parser.pdf.PDFParserConfig"</span><span
class="w"> </span><span class="na">impl=</span><span
class="s">"org.apache.tika.parser.pdf.PDFParserConfig"</span><span
class="nt">></span>
+<span class="w"> </span><span class="nt"><property</span><span
class="w"> </span><span class="na">name=</span><span
class="s">"extractAcroFormContent"</span><span class="w">
</span><span class="na">value=</span><span
class="s">"false"</span><span class="nt">/></span>
+<span class="w"> </span><span class="nt"></entry></span>
+<span class="nt"></entries></span>
+</code></pre></div>
+
+<p><strong>Step 2:</strong> Reference this file in your extraction handler in
<code>solrconfig.xml</code>:</p>
+<div class="codehilite"><pre><span></span><code><span
class="nt"><requestHandler</span><span class="w"> </span><span
class="na">name=</span><span class="s">"/update/extract"</span><span
class="w"> </span><span class="na">class=</span><span
class="s">"org.apache.solr.handler.extraction.ExtractingRequestHandler"</span><span
class="nt">></span>
+<span class="w"> </span><span class="nt"><str</span><span class="w">
</span><span class="na">name=</span><span
class="s">"parseContext.config"</span><span
class="nt">></span>parseContext.xml<span class="nt"></str></span>
+<span class="nt"></requestHandler></span>
+</code></pre></div>
+
+<p><strong>Step 3:</strong> Reload your collection or restart Solr.</p>
+<p><strong>Note:</strong> Solr 9.10.1 and later (once available) will include
this mitigation by default.</p>
+<p><strong>Credit</strong></p>
+<p>Apache Tika Security Team (vulnerability discovery)</p>
+<p><strong>References</strong></p>
+<ul>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66516">CVE-2025-66516</a>
(supersedes CVE-2025-54988)</li>
+<li>CVE - <a
href="https://www.cve.org/CVERecord?id=CVE-2025-54988">CVE-2025-54988</a>
(initial report)</li>
+<li>NVD - <a
href="https://nvd.nist.gov/vuln/detail/CVE-2025-66516">CVE-2025-66516
Analysis</a></li>
+<li>Apache Tika - <a
href="https://lists.apache.org/thread/tdqvvx28f83o4px8xnoso1xmo5h0d0dl">CVE-2025-54988
Advisory</a></li>
+<li>SOLR-17888 - <a
href="https://issues.apache.org/jira/browse/SOLR-17888">SOLR-17888</a> </li>
+</ul>
+ <hr/>
<h2
id="cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access">2025-01-26,
CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path
write-access
<a class="headerlink"
href="#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access"
title="Permanent link">¶</a>
</h2>
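Review bot: besides adding the new advisory, this hunk silently drops the CVE-2021-29262 row from the announcements table (the `- <tr>` block just before `</table>`). If the page keeps only a fixed number of advisories, that policy should be stated on the page and the older entries kept reachable, because this table is where operators check whether a Solr CVE is real and which versions it covers; if the removal is an intentional retirement, a commit message of "Commit build products" should not be the only record of it. The `<hr/>` added after the new entry is consistent with the separators between the existing entries.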
@@ -617,30 +674,6 @@ Any of the following are enough to prevent this
vulnerability:</p>
Reported by Caolinhong(Skay) from QI-ANXIN Cert (QI-ANXIN Technology Group
Inc.)</p>
<p><strong>References:</strong>
<a href="https://issues.apache.org/jira/browse/SOLR-15217">SOLR-15217</a>:
CVE-2021-27905: SSRF vulnerability with the Replication handler</p>
- <hr/>
- <h2
id="cve-2021-29262-misapplied-zookeeper-acls-can-result-in-leakage-of-configured-authentication-and-authorization-settings">2021-04-12,
CVE-2021-29262: Misapplied Zookeeper ACLs can result in leakage of configured
authentication and authorization settings
- <a class="headerlink"
href="#cve-2021-29262-misapplied-zookeeper-acls-can-result-in-leakage-of-configured-authentication-and-authorization-settings"
title="Permanent link">¶</a>
- </h2>
- <p><strong>Severity:</strong>
-High</p>
-<p><strong>Versions Affected:</strong>
-7.0.0 to 7.7.3
-8.0.0 to 8.8.1</p>
-<p><strong>Description:</strong>
-When starting Apache Solr versions prior to 8.8.2, configured with the
SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing
security.json znode, if the optional read-only user is configured then Solr
would not treat that node as a sensitive path and would allow it to be readable.
-Additionally, with any ZkACLProvider, if the security.json is already present,
Solr will not automatically update the ACLs.</p>
-<p><strong>Mitigation:</strong>
-Any of the following are enough to prevent this vulnerability:</p>
-<ul>
-<li>Manually set appropriate ACLs on /security.json znode.</li>
-<li>Upgrade to <code>Solr 8.8.2</code> or greater.</li>
-<li>If upgrading is not an option, consider applying the patch in <a
href="https://issues.apache.org/jira/browse/SOLR-15249">SOLR-15249</a></li>
-<li>Ensure that any access to zookeeper is only by trusted application.</li>
-</ul>
-<p><strong>Credit:</strong>
-Timothy Potter and Mike Drob, Apple Cloud Services</p>
-<p><strong>References:</strong>
-<a href="https://issues.apache.org/jira/browse/SOLR-15249">SOLR-15249</a>:
CVE-2021-29262: Misapplied Zookeeper ACLs can result in leakage of configured
authentication and authorization settings</p>
<hr/>
<h1 id="cve-reports-for-apache-solr-dependencies">CVE reports for Apache
Solr dependencies</h1>
<p>Below is a list of CVE vulnerabilities in Apache Solr dependencies, and
the state of their applicability to Solr.</p>
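Review bot: the CVE-2021-29262 section is deleted in full here, including its `id="cve-2021-29262-misapplied-zookeeper-acls-result-in-leakage-of-configured-authentication-and-authorization-settings"` anchor. Any external link or search result pointing at that fragment now lands at the top of the page with no explanation, and the content (ZooKeeper ACL providers leaving security.json readable, fixed in 8.8.2 or via the SOLR-15249 patch) is still relevant to anyone running 7.x or 8.x. Prefer keeping the section, or leaving a short pointer to where older advisories live at the position it occupied, so the anchor still resolves.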