Solr Upgrade Notes
The following notes describe changes to Solr in recent releases that you should be aware of before upgrading.
These notes highlight the biggest changes that may impact the largest number of implementations. It is not a comprehensive list of all changes to Solr in any release.
When planning your Solr upgrade, consider the customizations you have made to
your system and review the CHANGES.txt
file found in your Solr package. That file includes all the changes and updates
that may effect your existing implementation.
Detailed steps for upgrading a Solr cluster are in the section Upgrading a Solr Cluster.
Upgrading to 8.x Releases
If you are upgrading from 7.x, see the section Upgrading from 7.x Releases below.
Solr 8.4
See the 8.4 Release Notes for an overview of the main new features of Solr 8.4.
When upgrading to 8.4.x users should be aware of the following major changes from 8.3.
Package Management System
Version 8.4 introduces a package management system to Solr. The goals of the system are to allow hot (live) deployment of plugins, provide packaging guidelines for plugins, and standardize Solr’s approach by following familiar concepts used in other package management systems.
The system is designed to eventually replace use of the <lib ../>
directive,
the Blob Store, and other methods of deploying plugins and custom components
to Solr.
The system is currently considered experimental, so use with caution. It must be enabled with a system parameter passed at start up before it can be used. For details, please see the section Package Management.
With this feature Solr’s Blob Store functionality is now deprecated and will likely be removed in 9.0.
Security
The follow mix of changes were all made with the intention of making Solr more secure out of the box.
- The
solrconfig.xml
file in Solr’s_default
configset has been trimmed of the following previously pre-configured items:- All
<lib …/>
directives. This means that Solr Cell (aka Tika), Learning to Rank, Clustering (with Carrot2), language identification, and Velocity (for the/browse
sample search interface) are no longer enabled out of the box. - The
/browse
,/tvrh
, and/update/extract
request handlers. - The Term Vector Component.
The XSLT and Velocity response writers.
All of these items can be added to your Solr implementation by manually editing
solrconfig.xml
to add them back in, or use the Config API.The
sample_techproducts_configs
and the examples found in./example
are unchanged.
- All
Configsets that have been uploaded with an unsecured Configset API (i.e., when authentication is not enabled) are considered "Untrusted Configsets".
In order to bolster Solr’s out-of-the-box security, these untrusted configsets are no longer allowed to use the
<lib …/>
directive to implement contribs or custom Jars.When upgrading to 8.4, if you are using untrusted configsets that contain
<lib ../>
directives, their corresponding collections will not load (they will cease to work). You have a few options in this case:- You can secure your Solr instance with authentication
and re-upload the configset (using the
bin/solr zk upconfig …
Solr CLI command); - You can put your custom Jars in Solr’s classpath instead of
lib
directories; You can try the new package management system to manage your custom Jars.
See the section Upload a Configset for more details about trusted vs. untrusted configsets.
- You can secure your Solr instance with authentication
and re-upload the configset (using the
Our default Jetty configuration has been updated to now set a Content-Security-Policy (CSP) by default. See
./server/etc/jetty.xml
for details about how it is configured.As a result of this change, any custom HTML served by Solr’s HTTP server that contains inline Javascript will no longer execute in modern browsers. The options for you are:
- Change your JavaScript code to not run inline any longer;
- Edit
jetty.xml
to remove CSP (creating weaker security protection); - Remove/alter the headers with a reverse proxy.
- Solr’s Blob Store and runtime libs functionality are now deprecated and are planned to be removed from Solr in version 9.0. It has been replaced with the new package management system.
- The Velocity response writer is also now deprecated and is planned to be removed from Solr in version 9.0.
Using Collapse with Group Disallowed
Using the CollapsingQueryParser with Result Grouping has never been supported as it causes inconsistent behavior and NullPointerException errors. We have now explicitly disallowed this combination to prevent these errors. If you are using these together, you will need to modify your queries.
SolrJ
SolrJ now supports the
shards.preference
parameter for single-shard scenarios to ensure multi-shard and single-shard request routing works in the same way.See Cloud Request Routing and shards.preference Parameter for details.
QueryResponse.getExplainMap()
type has changed fromMap<String, String>
toMap<String, Object>
in order to support structured explanations.This change is expected to be mostly back-compatible. Compiled third-party components will work the same due to type erasure, but source code changes may be required.
- Replica routing code has been moved to SolrJ, making those classes available to clients if necessary.
Streaming Expressions
- A new DBSCAN clustering streaming evaluator has been added.
- The
precision
stream evaluator can now operate on matrices. - The
random
streaming expression can now create the x-axis.
JSON Facets
- Two new aggregations have been added:
missing
andcountvals
. - Several aggregations now support multi-valued fields:
min
,max
,avg
,sum
,sumsq
,stddev
,variance
, andpercentile
.
Caches
After the addition of
CaffeineCache
in 8.3, legacy SolrCache implementations are deprecated and likely to be removed in 9.0.Users are encouraged to transition their cache configurations to use
org.apache.solr.search.CaffeineCache
as soon as feasible.
Solr 8.3
See the 8.3 Release Notes for an overview of the main new features of Solr 8.3.
When upgrading to 8.3.x users should be aware of the following major changes from 8.2.
JWT Authentication
JWT Authentication now supports multiple identity providers.
To allow this, the parameter jwkUrl
has been deprecated and replaced with jwksUrl
.
Implementations using jwkUrl
will continue to work as normal, but users
should plan to transition their configurations to use jwksUrl
instead as
soon as feasible.
Caches
Solr has a new cache implementation,
CaffeineCache
, which is now recommended over other caches. This cache is expected to generally provide most users lower memory footprint, higher hit ratio, and better multi-threaded performance.Since caching has a direct impact on the performance of your Solr implementation, before switching to any new cache implementation in production, take care to test for your environment and traffic patterns so you fully understand the ramifications of the change.
- A new parameter,
maxIdleTime
, allows automatic eviction of cache items that have not been used in the defined amount of time. This allows the cache to release some memory and should aid those who want or need to fine-tune their caches.
See the section Query Settings in SolrConfig for more details about these and other cache options and parameters.
Solr 8.2
See the 8.2 Release Notes for an overview of the main new features of Solr 8.2.
When upgrading to 8.2.x, users should be aware of the following major changes from v8.1.
ZooKeeper 3.5.5
Solr 8.2 updates the version of ZooKeeper included with Solr to v3.5.5.
It is recommended that external ensembles set up to work with Solr also be updated to ZooKeeper 3.5.5.
This ZooKeeper release includes many new security features.
In order for Solr’s Admin UI to work with 3.5.5, the zoo.cfg
file must allow access to ZooKeeper’s "four-letter commands".
At a minimum, ruok
, conf
, and mntr
must be enabled, but other commands can optionally be enabled if you choose.
See the section Configuration for a ZooKeeper Ensemble for details.
Until 8.3, SOLR-13672 causes the ZK Status screen in the Admin UI to not be able to report status. This only impacts the UI, ZooKeeper still operates correctly. |
Routed Aliases
Routed aliases now use collection properties to identify collections that belong to the alias; prior to 8.2, these aliases used core properties.
This is backward-compatible and aliases created with prior versions will continue to work. However, new collections will no longer add the
routedAliasName
property to thecore.properties
file so any external code depending on this location will need to be updated.
- Time-routed aliases now include a
TRA
infix in the collection name, in the pattern<alias>_TRA_<timestamp>
.
Collections created with older versions will continue to work.
Distributed Tracing Support
This release adds support for tracing requests in Solr. Please review the section Distributed Solr Tracing for details on how to configure this feature.
Solr 8.1
See the 8.1 Release Notes for an overview of the main new features of Solr 8.1.
When upgrading to 8.1.x, users should be aware of the following major changes from v8.0.
Global maxBooleanClauses Parameter
The behavior of the
maxBooleanClauses
parameter has changed to reduce the risk of exponential query expansion when dealing with pathological query strings.A default upper limit of 1024 clauses is now enforced at the node level. This was the default prior to 7.0, and it can be overridden with a new global parameter in
solr.xml
. This limit will be enforced for all queries whether explicitly defined by the user (or client), or created by Solr and Lucene internals.An identical parameter is available in
solrconfig.xml
for limiting the size of queries explicitly defined by the user (or client), but this per-collection limit will still be restricted by the global limit set insolr.xml
.If your use case demands that you a lot of OR or AND clauses in your queries, upon upgrade to 8.1 you may need to adjust the global
maxBooleanClauses
parameter since between 7.0 and 8.1 the limit was effectively unbounded.For more information about the new parameter, see the section Format of solr.xml: maxBooleanClauses.
Security
- JSON Web Tokens (JWT) are now supported for authentication. These allow Solr to assert a user is already authenticated via an external identity provider, such as an OpenID Connect-enabled IdP. For more information, see the section JWT Authentication Plugin.
- A new security plugin for audit logging has been added. A default class
SolrLogAuditLoggerPlugin
is available and configurable insecurity.json
. The base class is also extendable for adding custom audit plugins if needed. See the section Audit Logging for more information.
Collections API
- The output of the REQUESTSTATUS command in the Collections API will now include internal asynchronous requests (if any) in the "success" or "failed" keys.
- The CREATE command will now return the appropriate status code (4xx, 5xx, etc.) when the command has failed. Previously, it always returned
0
, even in failure. - The MODIFYCOLLECTION command now accepts an attribute to set a collection as read-only. This can be used to block a collection from receiving any updates while still allowing queries to be served. See the section MODIFYCOLLECTION for details on how to use it.
- A new command RENAME allows renaming a collection by setting up a one-to-one alias using the new name. For more information, see the section RENAME.
- A new command REINDEXCOLLECTION allows indexing existing stored fields from a source collection into a new collection. For more information, please see the section REINDEXCOLLECTION.
Logging
The default Log4j2 logging mode has been changed from synchronous to asynchronous. This will improve logging throughput and reduce system contention at the cost of a slight chance that some logging messages may be missed in the event of abnormal Solr termination.
If even this slight risk is unacceptable, the Log4j configuration file found in
server/resources/log4j2.xml
has the synchronous logging configuration in a commented section and can be edited to re-enable synchronous logging.
Metrics
- The SolrGangliaReporter has been removed from Solr. The metrics library used by Solr, Dropwizard Metrics, was updated to version 4, and Ganglia support was removed from it due to a dependency on the LGPL license.
Browse UI (Velocity)
- Velocity and Velocity Tools were both upgraded as part of this release. Velocity upgraded from 1.7 to 2.0. Please see https://velocity.apache.org/engine/2.0/upgrading.html about upgrading. Velocity Tools upgraded from 2.0 to 3.0. For more details, please see https://velocity.apache.org/tools/3.0/upgrading.html for details about the upgrade.
Default Garbage Collector (GC)
- Solr’s default GC has been changed from CMS to G1. If you prefer to use CMS or any other GC method, you can modify the
GC_TUNE
section ofsolr.in.sh
(*nix) orsolr.in.cmd
(Windows).
Upgrading from 7.x Releases
The upgrade from 7.x to Solr 8.0 introduces several major changes that you should be aware of before upgrading. These changes are described in the section Major Changes in Solr 8. It’s strongly recommended that you do a thorough review of that section before starting your upgrade.
If you run in SolrCloud mode, you must be on Solr version 7.3 or higher in order to upgrade to 8.x. |
Upgrading from Pre-7.x Versions
Users upgrading from versions of Solr prior to 7.x are strongly encouraged to consult CHANGES.txt
for the details of all changes since the version they are upgrading from.
The upgrade from Solr 6.x to Solr 7.0 introduced several major changes that you should be aware of before upgrading. Please do a thorough review of the section Major Changes in Solr 7 before starting your upgrade.
A summary of the significant changes between Solr 5.x and Solr 6.0 is in the section Major Changes from Solr 5 to Solr 6.