Visit NES for Apache Solr & Lucene Home Page
Release Notes
Complete Changelog for NES for Apache Solr & Lucene
Lucene
8.11.6 (NES) - February 3, 2026
Notes
- This release contains no functional changes from Lucene version
8.11.4. - Full Version:
8.11.4-solr-8.11.6
8.11.5 (NES) - March 25, 2025
Bug Fixes
This release patches the following:
- CVE-2024-45772: Deserialization of Untrusted Data.
- Full Version:
8.11.4-solr-8.11.5
8.11.5-trial (NES) - March 25, 2025
Notes
- This release originates from the open‑source Apache Lucene and Solr project forked by HeroDevs.
- This release contains no functional changes from Lucene and Solr version
8.11.4. - Full Version:
8.11.4-solr-8.11.5-trial
Solr
8.11.6 (NES) - February 3, 2026
Bug Fixes
This release patches the following:
- CVE-2026-22444: Insufficient file-access checking in standalone core-creation requests
- Applied security patches to SchemaHandler, SolrConfigHandler, and other admin handlers
- Enhanced permission validation and HTTP method checking
- Fixed path and permission related NPEs
- Added comprehensive security tests
- CVE-2026-22022: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
- Fixed access control issues in admin handlers
- Full Version:
8.11.4-solr-8.11.6
8.11.5 (NES) - March 25, 2025
Bug Fixes
This release patches the following:
- CVE-2024-52012: Relative Path Traversal vulnerability.
- Assessed OSS 8.11.4 for impact and found not applicable.
- CVE-2025-24814: Execution with Unnecessary Privileges.
<lib>usage disabled insolrconfig.xmlby defaultsolr.config.lib.enabledcan be used to enable/disable<lib>usage
- Full Version:
8.11.4-solr-8.11.5
8.11.5-trial (NES) - March 25, 2025
Notes
- This release originates from the open‑source Apache Lucene and Solr project forked by HeroDevs.
- This release contains no functional changes from Lucene and Solr version
8.11.4. - Full Version:
8.11.4-solr-8.11.5-trial