Merge pull request #403 from alsutton/address_security_issues

Update dependencies to address vulnerabilities.

build.xml

@@ -188,7 +188,7 @@
         <pathelement location="${lib}/commons-logging-1.2.jar" />
         <pathelement location="${lib}/commons-math3-3.4.1.jar" />
         <pathelement location="${lib}/fontbox-2.0.15.jar" />
-        <pathelement location="${lib}/guava-18.0.jar" />
+        <pathelement location="${lib}/guava-30.1-jre.jar" />
         <pathelement location="${lib}/httpclient-4.5.12.jar" />
         <pathelement location="${lib}/httpcore-4.4.13.jar" />
         <pathelement location="${lib}/httpmime-4.5.12.jar" />
@@ -226,21 +226,21 @@
         <pathelement location="${lib}/jwat-gzip-1.1.1.jar" />
         <pathelement location="${lib}/jwat-warc-1.1.1.jar" />
         <pathelement location="${lib}/log4j-over-slf4j-1.7.25.jar" />
-        <pathelement location="${lib}/lucene-analyzers-common-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-analyzers-phonetic-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-backward-codecs-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-classification-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-codecs-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-core-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-grouping-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-highlighter-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-join-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-memory-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-misc-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-queries-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-queryparser-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-spatial-extras-7.7.3.jar" />
-        <pathelement location="${lib}/lucene-suggest-7.7.3.jar" />
+        <pathelement location="${lib}/lucene-analyzers-common-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-analyzers-phonetic-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-backward-codecs-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-classification-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-codecs-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-core-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-grouping-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-highlighter-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-join-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-memory-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-misc-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-queries-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-queryparser-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-spatial-extras-8.8.1.jar" />
+        <pathelement location="${lib}/lucene-suggest-8.8.1.jar" />
         <pathelement location="${lib}/metadata-extractor-2.11.0.jar" />
         <pathelement location="${lib}/metrics-core-3.2.2.jar" />
         <pathelement location="${lib}/noggit-0.8.jar" />
@@ -252,8 +252,8 @@
         <pathelement location="${lib}/rrd4j-3.2.jar" />
         <pathelement location="${lib}/slf4j-api-1.7.25.jar" />
         <pathelement location="${lib}/slf4j-jdk14-1.7.25.jar" />
-        <pathelement location="${lib}/solr-core-7.7.3.jar" />
-        <pathelement location="${lib}/solr-solrj-7.7.3.jar" />
+        <pathelement location="${lib}/solr-core-8.8.1.jar" />
+        <pathelement location="${lib}/solr-solrj-8.8.1.jar" />
         <pathelement location="${lib}/spatial4j-0.6.jar" />
         <pathelement location="${lib}/stax2-api_3.1.4.jar" />        
         <pathelement location="${lib}/weupnp-0.1.4.jar" />

pom.xml

@@ -34,7 +34,7 @@
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
         <!-- the Solr version used in dependency section for all related dependencies -->
-        <solr.version>6.6.6</solr.version> 
+        <solr.version>8.8.1</solr.version>
         <!-- the Jetty version used in dependency section for all related dependencies -->
         <jetty.version>9.4.35.v20201120</jetty.version>
                 
@@ -366,7 +366,7 @@
 		    <dependency>
 		        <groupId>junit</groupId>
 		        <artifactId>junit</artifactId>
-		        <version>4.13</version>
+		        <version>4.13.1</version>
 		        <scope>test</scope>
 		    </dependency>
 

source/net/yacy/cora/federate/solr/connector/EmbeddedSolrConnector.java

@@ -39,6 +39,7 @@ import org.apache.lucene.document.Document;
 import org.apache.lucene.index.DirectoryReader;
 import org.apache.lucene.index.IndexableField;
 import org.apache.lucene.search.Query;
+import org.apache.lucene.search.TotalHits;
 import org.apache.lucene.util.BytesRef;
 import org.apache.solr.client.solrj.SolrQuery;
 import org.apache.solr.client.solrj.SolrServerException;
@@ -232,7 +233,7 @@ public class EmbeddedSolrConnector extends SolrServerConnector implements SolrCo
         SolrDocumentList sdl = new SolrDocumentList();
         NamedList<?> nl = rsp.getValues();
         ResultContext resultContext = (ResultContext) nl.get("response");
-        DocList response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f) : resultContext.getDocList();
+        DocList response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f, TotalHits.Relation.EQUAL_TO) : resultContext.getDocList();
         sdl.setNumFound(response == null ? 0 : response.matches());
         sdl.setStart(response == null ? 0 : response.offset());
         String originalName = Thread.currentThread().getName();
@@ -364,7 +365,6 @@ public class EmbeddedSolrConnector extends SolrServerConnector implements SolrCo
             return SolrQueryResponse2SolrDocumentList(req, response);
         } finally {
             req.close();
-            SolrRequestInfo.clearRequestInfo();
         }
     }
 
@@ -383,7 +383,7 @@ public class EmbeddedSolrConnector extends SolrServerConnector implements SolrCo
             NamedList<?> nl = rsp.getValues();
             ResultContext resultContext = (ResultContext) nl.get("response");
             if (resultContext == null) log.warn("DocListSearcher: no response for query '" + querystring + "'");
-            this.response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f) : resultContext.getDocList();
+            this.response = resultContext == null ? new DocSlice(0, 0, new int[0], new float[0], 0, 0.0f, TotalHits.Relation.EQUAL_TO) : resultContext.getDocList();
         }
         
         @Override

source/net/yacy/cora/protocol/Domains.java

@@ -51,6 +51,7 @@ import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 
@@ -836,7 +837,7 @@ public class Domains {
 	final private static ExecutorService getByNameService = Executors
 			.newCachedThreadPool(new NamePrefixThreadFactory("InetAddress.getByName"));
 
-	final private static TimeLimiter timeLimiter = new SimpleTimeLimiter(getByNameService);
+	final private static TimeLimiter timeLimiter = SimpleTimeLimiter.create(getByNameService);
 
     /**
      * strip off any parts of an url, address string (containing host/ip:port) or raw IPs/Hosts,
@@ -992,9 +993,9 @@ public class Domains {
                         public InetAddress call() throws Exception {
                             return InetAddress.getByName(host);
                         }
-                    }, 3000L, TimeUnit.MILLISECONDS, false);
+                    }, 3000L, TimeUnit.MILLISECONDS);
                     //ip = TimeoutRequest.getByName(host, 1000); // this makes the DNS request to backbone
-                } catch (final UncheckedTimeoutException e) {
+                } catch (final InterruptedException | TimeoutException e) {
                 	// in case of a timeout - maybe cause of massive requests - do not fill NAME_CACHE_MISS
                 	LOOKUP_SYNC.remove(host);
                     return null;

source/net/yacy/search/index/Fulltext.java

@@ -85,6 +85,8 @@ import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrInputDocument;
 import org.apache.solr.common.SolrException.ErrorCode;
 import org.apache.lucene.util.Version;
+import org.apache.solr.core.SolrConfig;
+import org.apache.solr.schema.IndexSchema;
 
 public final class Fulltext {
 
@@ -150,7 +152,9 @@ public final class Fulltext {
         }
         
         EmbeddedInstance localCollectionInstance = new EmbeddedInstance(new File(new File(Switchboard.getSwitchboard().appPath, "defaults"), "solr"), solrLocation, CollectionSchema.CORE_NAME, new String[]{CollectionSchema.CORE_NAME, WebgraphSchema.CORE_NAME});
-        Version luceneVersion = localCollectionInstance.getDefaultCore().getSolrConfig().getLuceneVersion("luceneMatchVersion");
+        SolrConfig config = localCollectionInstance.getDefaultCore().getSolrConfig();
+        String versionValue = config.getVal(IndexSchema.LUCENE_MATCH_VERSION_PARAM, true);
+        Version luceneVersion = SolrConfig.parseLuceneVersionString(versionValue);
         String lvn = luceneVersion.major + "_" + luceneVersion.minor;
         ConcurrentLog.info("Fulltext", "using lucene version " + lvn);
         assert SOLR_PATH.endsWith(lvn) : "luceneVersion = " + lvn + ", solrPath = " + SOLR_PATH + ", check defaults/solr/solrconfig.xml";