Upgraded embedded Solr to 8.6.2

KeywordSearch/solr/server/etc/jetty-http.xml

@@ -41,11 +41,10 @@
         <Set name="host"><Property name="jetty.host" /></Set>
         <Set name="port"><Property name="jetty.port" default="8983" /></Set>
         <Set name="idleTimeout"><Property name="solr.jetty.http.idleTimeout" default="120000"/></Set>
-        <Set name="soLingerTime"><Property name="solr.jetty.http.soLingerTime" default="-1"/></Set>
         <Set name="acceptorPriorityDelta"><Property name="solr.jetty.http.acceptorPriorityDelta" default="0"/></Set>
         <Set name="acceptQueueSize"><Property name="solr.jetty.http.acceptQueueSize" default="0"/></Set>
       </New>
     </Arg>
   </Call>
 
-</Configure>
+</Configure>

KeywordSearch/solr/server/etc/jetty-https.xml

@@ -12,7 +12,7 @@
     <Set name="CipherComparator">
       <Get class="org.eclipse.jetty.http2.HTTP2Cipher" name="COMPARATOR"/>
     </Set>
-    <Set name="useCipherSuitesOrder">true</Set>    
+    <Set name="useCipherSuitesOrder">true</Set>
   </Ref>
 
   <!-- =========================================================== -->
@@ -41,14 +41,14 @@
               </New>
             </Item>
             <Item>
-              <New id="alpn" class="org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory">                
+              <New id="alpn" class="org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory">
                 <Arg name="protocols">
                   <Array type="java.lang.String">
                     <Item>h2</Item>
                     <Item>http/1.1</Item>
                   </Array>
                 </Arg>
-                <Set name="defaultProtocol">http/1.1</Set>  
+                <Set name="defaultProtocol">http/1.1</Set>
               </New>
             </Item>
             <Item>
@@ -66,7 +66,6 @@
         <Set name="host"><Property name="solr.jetty.host" /></Set>
         <Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
         <Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
-        <Set name="soLingerTime"><Property name="solr.jetty.https.soLingerTime" default="-1"/></Set>
         <Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
         <Set name="acceptQueueSize"><Property name="solr.jetty.https.acceptQueueSize" default="0"/></Set>
       </New>

KeywordSearch/solr/server/etc/jetty-https8.xml

@@ -60,10 +60,9 @@
         <Set name="host"><Property name="solr.jetty.host" /></Set>
         <Set name="port"><Property name="solr.jetty.https.port" default="8983" /></Set>
         <Set name="idleTimeout"><Property name="solr.jetty.https.timeout" default="120000"/></Set>
-        <Set name="soLingerTime"><Property name="solr.jetty.https.soLingerTime" default="-1"/></Set>
         <Set name="acceptorPriorityDelta"><Property name="solr.jetty.ssl.acceptorPriorityDelta" default="0"/></Set>
         <Set name="acceptQueueSize"><Property name="solr.jetty.https.acceptQueueSize" default="0"/></Set>
       </New>
     </Arg>
   </Call>
-</Configure>
+</Configure>

KeywordSearch/solr/server/etc/jetty-requestlog.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  -->
+
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+
+<!-- =========================================================== -->
+<!-- Configure Request Log                                       -->
+<!-- =========================================================== -->
+
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+  <Set name="RequestLog">
+    <New id="RequestLog" class="org.eclipse.jetty.server.CustomRequestLog">
+      <!-- Writer -->
+      <Arg>
+        <New class="org.eclipse.jetty.server.AsyncRequestLogWriter">
+          <Arg><Property name="solr.log.dir" default="logs"/>/yyyy_mm_dd.request.log</Arg>
+          <Set name="filenameDateFormat">yyyy_MM_dd</Set>
+          <Set name="retainDays">90</Set>
+          <Set name="append">true</Set>
+          <Set name="timeZone">UTC</Set>
+        </New>
+      </Arg>
+
+      <!-- Format String -->
+      <Arg><Get class="org.eclipse.jetty.server.CustomRequestLog" name="NCSA_FORMAT"/></Arg>
+    </New>
+  </Set>
+</Configure>

KeywordSearch/solr/server/etc/jetty-ssl.xml

@@ -6,7 +6,7 @@
 <!-- This configuration must be used in conjunction with jetty.xml -->
 <!-- and either jetty-https.xml or jetty-spdy.xml (but not both)   -->
 <!-- ============================================================= -->
-<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
   <Call class="org.apache.solr.util.configuration.SSLConfigurationsFactory" name="current">
     <Get name="keyStorePassword" id="keyStorePassword"/>
     <Get name="trustStorePassword" id="trustStorePassword"/>
@@ -17,8 +17,8 @@
   <Set name="TrustStorePassword"><Ref refid="trustStorePassword"/></Set>
   <Set name="NeedClientAuth"><Property name="solr.jetty.ssl.needClientAuth" default="false"/></Set>
   <Set name="WantClientAuth"><Property name="solr.jetty.ssl.wantClientAuth" default="false"/></Set>
-  <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" default="JKS"/></Set>
-  <Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" default="JKS"/></Set>
+  <Set name="KeyStoreType"><Property name="solr.jetty.keystore.type" default="PKCS12"/></Set>
+  <Set name="TrustStoreType"><Property name="solr.jetty.truststore.type" default="PKCS12"/></Set>
 
   <!-- =========================================================== -->
   <!-- Create a TLS specific HttpConfiguration based on the        -->

KeywordSearch/solr/server/etc/jetty.xml

@@ -82,18 +82,57 @@
   </New>
 
     <!-- =========================================================== -->
-    <!-- RewriteHandle to redirect root to Solr                      -->
+    <!-- RewriteHandle to set headers, redirect root to Solr         -->
     <!-- =========================================================== -->
      <New id="RewriteHandler" class="org.eclipse.jetty.rewrite.handler.RewriteHandler">
       <Set name="rewriteRequestURI">true</Set>
       <Set name="rewritePathInfo">false</Set>
       <Set name="originalPathAttribute">requestedPath</Set>
 
+      <!-- security-related headers -->
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">Content-Security-Policy</Set>
+            <Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';</Set>
+          </New>
+        </Arg>
+      </Call>
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">X-Content-Type-Options</Set>
+            <Set name="value">nosniff</Set>
+          </New>
+        </Arg>
+      </Call>
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">X-Frame-Options</Set>
+            <Set name="value">SAMEORIGIN</Set>
+          </New>
+        </Arg>
+      </Call>
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">X-XSS-Protection</Set>
+            <Set name="value">1; mode=block</Set>
+          </New>
+        </Arg>
+      </Call>
+
+      <!-- redirect root to solr -->
       <Call name="addRule">
         <Arg>
           <New class="org.eclipse.jetty.rewrite.handler.RedirectRegexRule">
             <Set name="regex">^/$</Set>
-            <Set name="replacement">/solr/</Set>
+            <Set name="location">/solr/</Set>
           </New>
         </Arg>
       </Call>
@@ -118,7 +157,25 @@
            <Set name="handlers">
              <Array type="org.eclipse.jetty.server.Handler">
                <Item>
-                 <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
+                 <New class="org.eclipse.jetty.server.handler.InetAccessHandler">
+                   <Call name="include">
+                     <Arg>
+                       <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
+                         <Arg><Property name="solr.jetty.inetaccess.includes" default=""/></Arg>
+                       </Call>
+                     </Arg>
+                   </Call>
+                   <Call name="exclude">
+                     <Arg>
+                       <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
+                         <Arg><Property name="solr.jetty.inetaccess.excludes" default=""/></Arg>
+                       </Call>
+                     </Arg>
+                   </Call>
+                   <Set name="handler">
+                     <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
+                   </Set>
+                 </New>
                </Item>
                <Item>
                  <New id="InstrumentedHandler" class="com.codahale.metrics.jetty9.InstrumentedHandler">
@@ -128,9 +185,6 @@
                    </Set>
                  </New>
                </Item>
-               <Item>
-                 <New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler"/>
-               </Item>
              </Array>
            </Set>
          </New>
@@ -143,33 +197,6 @@
     <Set name="handler">
       <Ref id="RewriteHandler"/>
     </Set>
-    
-    <!-- =========================================================== -->
-    <!-- Configure Request Log                                       -->
-    <!-- =========================================================== -->
-    <!--
-    <Ref id="Handlers">
-      <Call name="addHandler">
-        <Arg>
-          <New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler">
-            <Set name="requestLog">
-              <New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
-                <Set name="filename">
-                   logs/request.yyyy_mm_dd.log
-                </Set>
-                <Set name="filenameDateFormat">yyyy_MM_dd</Set>
-                <Set name="retainDays">90</Set>
-                <Set name="append">true</Set>
-                <Set name="extended">false</Set>
-                <Set name="logCookies">false</Set>
-                <Set name="LogTimeZone">UTC</Set>
-              </New>
-            </Set>
-          </New>
-        </Arg>
-      </Call>
-    </Ref>
-    -->
 
     <!-- =========================================================== -->
     <!-- extra options                                               -->

KeywordSearch/solr/server/etc/security.policy

@@ -0,0 +1,203 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Policy file for solr. Please keep minimal and avoid wildcards.
+
+// permissions needed for tests to pass, based on properties set by the build system
+// NOTE: if the property is not set, the permission entry is ignored.
+grant {
+  // contain read access to only what we need:
+  // 3rd party jar resources (where symlinks are not supported), test-files/ resources
+  permission java.io.FilePermission "${common.dir}${/}-", "read";
+  permission java.io.FilePermission "${common.dir}${/}..${/}solr${/}-", "read";
+  // 3rd party jar resources (where symlinks are supported)
+  permission java.io.FilePermission "${user.home}${/}.ivy2${/}cache${/}-", "read";
+  // system jar resources
+  permission java.io.FilePermission "${java.home}${/}-", "read";
+  permission java.io.FilePermission "${junit4.childvm.cwd}", "read";
+  permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp", "read,write,delete";
+  permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp${/}-", "read,write,delete";
+  permission java.io.FilePermission "${junit4.childvm.cwd}${/}jacoco.db", "write";
+  permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,write,delete";
+  permission java.io.FilePermission "${clover.db.dir}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${tests.linedocsfile}", "read";
+  // DirectoryFactoryTest messes with these (wtf?)
+  permission java.io.FilePermission "/tmp/inst1/conf/solrcore.properties", "read";
+  permission java.io.FilePermission "/path/to/myinst/conf/solrcore.properties", "read";
+  // TestConfigSets messes with these (wtf?)
+  permission java.io.FilePermission "/path/to/solr/home/lib", "read";
+
+  permission java.nio.file.LinkPermission "hard";
+  
+  // all possibilities of accepting/binding/connections on localhost with ports >=1024:
+  permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect,resolve";
+  permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve";
+  permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve";
+  // "dead hosts", we try to keep it fast
+  permission java.net.SocketPermission "[::1]:4", "connect,resolve";
+  permission java.net.SocketPermission "[::1]:6", "connect,resolve";
+  permission java.net.SocketPermission "[::1]:8", "connect,resolve";
+  
+  // Basic permissions needed for Lucene to work:
+  permission java.util.PropertyPermission "*", "read,write";
+
+  // needed by gson serialization of junit4 runner: TODO clean that up
+  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
+  // needed by junit4 runner to capture sysout/syserr:
+  permission java.lang.RuntimePermission "setIO";
+  // needed by randomized runner to catch failures from other threads:
+  permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
+  // needed by randomized runner getTopThreadGroup:
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+  // needed by tests e.g. shutting down executors:
+  permission java.lang.RuntimePermission "modifyThread";
+  // needed for tons of test hacks etc
+  permission java.lang.RuntimePermission "getStackTrace";
+  // needed for mock filesystems in tests
+  permission java.lang.RuntimePermission "fileSystemProvider";
+  // needed for test of IOUtils.spins (maybe it can be avoided)
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+  // analyzers/uima: needed by lucene expressions' JavascriptCompiler
+  permission java.lang.RuntimePermission "createClassLoader";
+  // needed to test unmap hack on platforms that support it
+  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+  // needed by jacoco to dump coverage
+  permission java.lang.RuntimePermission "shutdownHooks";
+  // needed by org.apache.logging.log4j
+  permission java.lang.RuntimePermission "getenv.*";
+  permission java.lang.RuntimePermission "getClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+  permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
+  // needed by bytebuddy
+  permission java.lang.RuntimePermission "defineClass";
+  // needed by mockito
+  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
+  permission java.lang.RuntimePermission "reflectionFactoryAccess";
+  // needed by SolrResourceLoader
+  permission java.lang.RuntimePermission "closeClassLoader";
+  // needed by HttpSolrClient
+  permission java.lang.RuntimePermission "getFileSystemAttributes";
+  // needed by hadoop auth (TODO: there is a cleaner way to handle this)
+  permission java.lang.RuntimePermission "loadLibrary.jaas";
+  permission java.lang.RuntimePermission "loadLibrary.jaas_unix";
+  permission java.lang.RuntimePermission "loadLibrary.jaas_nt";
+  // needed by hadoop common RawLocalFileSystem for java nio getOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+  // needed by hadoop hdfs
+  permission java.lang.RuntimePermission "readFileDescriptor";
+  permission java.lang.RuntimePermission "writeFileDescriptor";
+  // needed by hadoop http
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // These two *have* to be spelled out a separate
+  permission java.lang.management.ManagementPermission "control";
+  permission java.lang.management.ManagementPermission "monitor";
+
+  // needed by hadoop htrace
+  permission java.net.NetPermission "getNetworkInformation";
+
+  // needed by DIH
+  permission java.sql.SQLPermission "deregisterDriver";
+
+  permission java.util.logging.LoggingPermission "control";
+
+  // needed by solr mbeans feature/tests
+  // TODO: can we remove wildcard for class names/members?
+  permission javax.management.MBeanPermission "*", "getAttribute";
+  permission javax.management.MBeanPermission "*", "getMBeanInfo";
+  permission javax.management.MBeanPermission "*", "queryMBeans";
+  permission javax.management.MBeanPermission "*", "queryNames";
+  permission javax.management.MBeanPermission "*", "registerMBean";
+  permission javax.management.MBeanPermission "*", "unregisterMBean";
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+  permission javax.management.MBeanServerPermission "findMBeanServer";
+  permission javax.management.MBeanServerPermission "releaseMBeanServer";
+  permission javax.management.MBeanTrustPermission "register";
+
+  // needed by hadoop auth
+  permission javax.security.auth.AuthPermission "getSubject";
+  permission javax.security.auth.AuthPermission "modifyPrincipals";
+  permission javax.security.auth.AuthPermission "doAs";
+  permission javax.security.auth.AuthPermission "getLoginConfiguration";
+  permission javax.security.auth.AuthPermission "setLoginConfiguration";
+  permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
+  permission javax.security.auth.AuthPermission "modifyPublicCredentials";
+  permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
+
+  // needed by hadoop security
+  permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
+  permission java.security.SecurityPermission "insertProvider";
+
+  permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
+
+  // SSL related properties for Solr tests
+  permission javax.net.ssl.SSLPermission "setDefaultSSLContext";
+
+  // SASL/Kerberos related properties for Solr tests
+  permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
+  
+  // may only be necessary with Java 7?
+  permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
+  permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read";
+  
+  permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
+  permission javax.security.auth.kerberos.ServicePermission "*", "accept";
+  permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
+  
+  // java 8 accessibility requires this perm - should not after 8 I believe (rrd4j is the root reason we hit an accessibility code path)
+  permission java.awt.AWTPermission "*";
+
+  // used by solr to create sandboxes (e.g. script execution)
+  permission java.security.SecurityPermission "createAccessControlContext";
+};
+
+// additional permissions based on system properties set by /bin/solr
+// NOTE: if the property is not set, the permission entry is ignored.
+grant {
+  permission java.io.FilePermission "${hadoop.security.credential.provider.path}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${hadoop.security.credential.provider.path}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${solr.jetty.keystore}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.jetty.keystore}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${solr.jetty.truststore}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.jetty.truststore}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${solr.install.dir}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.install.dir}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${jetty.home}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${jetty.home}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${solr.solr.home}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.solr.home}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${solr.data.home}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.data.home}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${solr.default.confdir}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.default.confdir}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${solr.log.dir}", "read,write,delete,readlink";
+  permission java.io.FilePermission "${solr.log.dir}${/}-", "read,write,delete,readlink";
+
+  permission java.io.FilePermission "${log4j.configurationFile}", "read,write,delete,readlink";
+
+  // expanded to a wildcard if set, allows all networking everywhere
+  permission java.net.SocketPermission "${solr.internal.network.permission}", "accept,listen,connect,resolve";
+};

KeywordSearch/solr/server/etc/security.properties

@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# command-line security properties file
+#
+# By default, when enabling security manager, DNS lookups are cached indefinitely,
+# as protection against DNS spoofing.  We set this back to the default (non-security-manager)
+# value of 30 seconds, to prevent surprising behavior (e.g. nodes in cloud environments without
+# static IP addresses). Users concerned about DNS spoofing should instead follow best practices:
+# populating solr.shardsWhitelist, enabling TLS, etc.
+networkaddress.cache.ttl=30

KeywordSearch/solr/server/modules/requestlog.mod

@@ -0,0 +1,9 @@
+#
+# Request Log module
+#
+
+[depend]
+server
+
+[xml]
+etc/jetty-requestlog.xml

KeywordSearch/solr/server/resources/jetty-logging.properties

@@ -1 +1 @@
-org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.Slf4jLog
+org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.Slf4jLog

KeywordSearch/solr/server/resources/log4j2-console.xml

@@ -18,7 +18,7 @@
 
 <!-- Use this file for logging exlusively to the console, useful for 
      some development tasks. Should not be used for production -->
-<!-- Configuration for asynchronous logging -->
+<!-- Default production configuration is asnychronous logging -->
 <Configuration>
   <Appenders>
     <Console name="STDERR" target="SYSTEM_ERR">
@@ -30,6 +30,7 @@
     </Console>
   </Appenders>
   <Loggers>
+    <!-- Use <AsyncLogger/<AsyncRoot and <Logger/<Root for asynchronous logging or synchonous logging respectively -->
     <AsyncLogger name="org.apache.zookeeper" level="WARN"/>
     <AsyncLogger name="org.apache.hadoop" level="WARN"/>
 
@@ -40,28 +41,3 @@
 </Configuration>
 
 
-<!-- Configuration for synchronous logging
-     there _may_ be a very small window where log messages will not be flushed
-     to the log file on abnormal shutdown. If even this risk is unacceptable, use
-     the configuration below
--->
-<!--Configuration>
-<Appenders>
-  <Console name="STDERR" target="SYSTEM_ERR">
-    <PatternLayout>
-      <Pattern>
-        %-5p - %d{yyyy-MM-dd HH:mm:ss.SSS}; %c; %m%n
-      </Pattern>
-    </PatternLayout>
-  </Console>
-</Appenders>
-<Loggers>
-  <Logger name="org.apache.zookeeper" level="WARN"/>
-  <Logger name="org.apache.hadoop" level="WARN"/>
-
-  <Root level="INFO">
-    <AppenderRef ref="STDERR"/>
-  </Root>
-</Loggers>
-</Configuration-->
-

KeywordSearch/solr/server/resources/log4j2.xml

@@ -16,7 +16,7 @@
   limitations under the License.
   -->
 
-<!-- Configuration for asynchronous logging -->
+<!-- Default production configuration is asnychronous logging -->
 <Configuration>
   <Appenders>
 
@@ -62,9 +62,15 @@
 
   </Appenders>
   <Loggers>
+    <!-- Use <AsyncLogger/<AsyncRoot and <Logger/<Root for asynchronous logging or synchonous logging respectively -->
     <AsyncLogger name="org.apache.hadoop" level="warn"/>
     <AsyncLogger name="org.apache.solr.update.LoggingInfoStream" level="off"/>
     <AsyncLogger name="org.apache.zookeeper" level="warn"/>
+    <!-- HttpSolrCall adds markers denoting the handler class to allow fine grained control, metrics are
+         very noisy so by default the metrics handler is turned off to see metrics logging set DENY to ACCEPT -->
+    <AsyncLogger name="org.apache.solr.servlet.HttpSolrCall" level="info">
+      <MarkerFilter marker="org.apache.solr.handler.admin.MetricsHandler" onMatch="DENY" onMismatch="ACCEPT"/>
+    </AsyncLogger>
     <AsyncLogger name="org.apache.solr.core.SolrCore.SlowRequest" level="info" additivity="false">
       <AppenderRef ref="SlowLogFile"/>
     </AsyncLogger>
@@ -76,67 +82,3 @@
   </Loggers>
 </Configuration>
 
-<!-- Configuration for synchronous logging
-     there _may_ be a very small window where log messages will not be flushed
-     to the log file on abnormal shutdown. If even this risk is unacceptable, use
-     the configuration below
--->
-<!--Configuration>
-  <Appenders>
-
-    <Console name="STDOUT" target="SYSTEM_OUT">
-      <PatternLayout>
-        <Pattern>
-          %d{yyyy-MM-dd HH:mm:ss.SSS} %-5p (%t) [%X{collection} %X{shard} %X{replica} %X{core}] %c{1.} %m%n
-        </Pattern>
-      </PatternLayout>
-    </Console>
-
-    <RollingFile
-        name="RollingFile"
-        fileName="${sys:solr.log.dir}/solr.log"
-        filePattern="${sys:solr.log.dir}/solr.log.%i" >
-      <PatternLayout>
-        <Pattern>
-          %d{yyyy-MM-dd HH:mm:ss.SSS} %-5p (%t) [%X{collection} %X{shard} %X{replica} %X{core}] %c{1.} %m%n
-        </Pattern>
-      </PatternLayout>
-      <Policies>
-        <OnStartupTriggeringPolicy />
-        <SizeBasedTriggeringPolicy size="32 MB"/>
-      </Policies>
-      <DefaultRolloverStrategy max="10"/>
-    </RollingFile>
-
-    <RollingFile
-        name="SlowFile"
-        fileName="${sys:solr.log.dir}/solr_slow_requests.log"
-        filePattern="${sys:solr.log.dir}/solr_slow_requests.log.%i" >
-      <PatternLayout>
-        <Pattern>
-          %d{yyyy-MM-dd HH:mm:ss.SSS} %-5p (%t) [%X{collection} %X{shard} %X{replica} %X{core}] %c{1.} %m%n
-        </Pattern>
-      </PatternLayout>
-      <Policies>
-        <OnStartupTriggeringPolicy />
-        <SizeBasedTriggeringPolicy size="32 MB"/>
-      </Policies>
-      <DefaultRolloverStrategy max="10"/>
-    </RollingFile>
-
-  </Appenders>
-  <Loggers>
-    <Logger name="org.apache.hadoop" level="warn"/>
-    <Logger name="org.apache.solr.update.LoggingInfoStream" level="off"/>
-    <Logger name="org.apache.zookeeper" level="warn"/>
-    <Logger name="org.apache.solr.core.SolrCore.SlowRequest" level="info" additivity="false">
-      <AppenderRef ref="SlowFile"/>
-    </Logger>
-
-    <Root level="info">
-      <AppenderRef ref="RollingFile"/>
-      <AppenderRef ref="STDOUT"/>
-    </Root>
-  </Loggers>
-</Configuration-->
-

KeywordSearch/solr/server/scripts/cloud-scripts/zkcli.bat

@@ -9,11 +9,7 @@ REM  Find location of this script
 set SDIR=%~dp0
 if "%SDIR:~-1%"=="\" set SDIR=%SDIR:~0,-1%
 
-if defined LOG4J_PROPS (
-  set "LOG4J_CONFIG=file:///%LOG4J_PROPS%"
-) else (
-  set "LOG4J_CONFIG=file:///%SDIR%\..\..\resources\log4j2-console.xml"
-)
+set "LOG4J_CONFIG=file:///%SDIR%\..\..\resources\log4j2-console.xml"
 
 REM Settings for ZK ACL
 REM set SOLR_ZK_CREDS_AND_ACLS=-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider ^

KeywordSearch/solr/server/scripts/cloud-scripts/zkcli.sh

@@ -9,11 +9,7 @@ JVM="java"
 
 sdir="`dirname \"$0\"`"
 
-if [ -n "$LOG4J_PROPS" ]; then
-  log4j_config="file:$LOG4J_PROPS"
-else
-  log4j_config="file:$sdir/../../resources/log4j2-console.xml"
-fi
+log4j_config="file:$sdir/../../resources/log4j2-console.xml"
 
 # Settings for ZK ACL
 #SOLR_ZK_CREDS_AND_ACLS="-DzkACLProvider=org.apache.solr.common.cloud.VMParamsAllAndReadonlyDigestZkACLProvider \