New Vulnerability Identified in Apache Solr — CVE-2020-13957
A new vulnerability was recently identified in Apache Solr. We want to report this security vulnerability to you, describe how we responded to the incident and reiterate our commitment to constantly improving the security and integrity of our customers’ Solr deployments, data and service.
The vulnerability is tracked as CVE-2020-13957. It was initially reported on October 13, 2020, and was assessed as a Critical vulnerability on October 23, 2020, with a CVSS score of 9.8.
This blog post describes the vulnerability, offers recommended mitigations for all users and provides specific mitigation steps for SearchStax customers.
Certain Apache Solr versions are susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
Apache Solr versions affected:
Specifically, the Apache Solr versions referenced above prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that is uploaded via the API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
Any of the following steps are sufficient to prevent this vulnerability:
SearchStax offers both IP Filtering and Solr Basic Authentication to secure your Solr deployments and recommends that both of these Security settings are applied whenever possible.
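To check whether a deployment served ConfigSets API UPLOAD or CREATE requests without an authenticated user, the access log can be triaged per client. The following is an added example, not SearchStax or Apache Solr code; it assumes an NCSA-style access log (from Jetty or a reverse proxy) and the v1 endpoint path `/solr/admin/configs`, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines. Assumed layout: client, ident, authenticated
# user or "-", [timestamp], "METHOD target PROTO", status, size.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Oct/2020:10:01:02 +0000] "POST /solr/admin/configs?action=UPLOAD&name=tmpcfg HTTP/1.1" 200 120
203.0.113.7 - - [23/Oct/2020:10:01:09 +0000] "GET /solr/admin/configs?action=CREATE&name=newcfg HTTP/1.1" 200 98
198.51.100.4 - solradmin [23/Oct/2020:11:15:00 +0000] "POST /solr/admin/configs?action=UPLOAD&name=prodcfg HTTP/1.1" 200 120
198.51.100.9 - - [23/Oct/2020:11:20:00 +0000] "GET /solr/products/select?q=action%3DUPLOAD HTTP/1.1" 200 5120
192.0.2.33 - - [23/Oct/2020:12:00:00 +0000] "POST /solr/admin/configs?action=upload&name=x HTTP/1.1" 401 0
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
WATCHED = {"UPLOAD", "CREATE"}

def configset_events(log_text):
    """Yield (client, user, action, status) for ConfigSets API UPLOAD/CREATE calls."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Match on the path only, so "action=UPLOAD" inside a search query is ignored.
        if not url.path.rstrip("/").endswith("/admin/configs"):
            continue
        action = parse_qs(url.query).get("action", [""])[0].upper()
        if action in WATCHED:
            yield m["client"], m["user"], action, int(m["status"])

def triage(log_text):
    """Map client -> verdict for ConfigSets API calls made without a user."""
    ok = defaultdict(set)  # actions that returned 2xx with no authenticated user
    verdicts = {}
    for client, user, action, status in configset_events(log_text):
        if user != "-":
            continue  # authenticated call, out of scope for this check
        if 200 <= status < 300:
            ok[client].add(action)
        else:
            verdicts.setdefault(client, "rejected")
    for client, actions in ok.items():
        verdicts[client] = "upload+create" if actions == WATCHED else "single-action"
    return verdicts
```

A client reported as `upload+create` warrants a review of the ConfigSets present on the cluster; `rejected` entries indicate that authentication or filtering turned the request away.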
If you are a SearchStax customer, our team may have already contacted you or will contact you shortly to work with you to make sure your deployments are secure. If you have any other questions about the Solr Vulnerability, please contact SearchStax Support or submit a support ticket.
We developed and implemented a software update to address this vulnerability so new deployments going forward will automatically be secure and will not be impacted by the vulnerability.