How do I disable SOLR running inside Lucene in Jetty?

Report · Apr 22, 2025

My CF2021 box is failing security because even though I have uninstalled the search module from CFAdmin, Jetty itself is running an old version of SOLR inside Lucene. Here's how I know this:

GET http://server:8993/solr/admin/info/system HTTP/1.1

Under lucene:
lucene-impl-version=7.2.1 b2b6438b37073bee1fca40374e85bf91aa457c0b - ubuntu - 2018-01-10 00:48:43
lucene-spec-version=7.2.1
solr-impl-version=7.2.1-SNAPSHOT unknown - Administrator - 2022-07-19 19:20:55
solr-spec-version=7.2.1

Is there a way I can disable lucene? It looks like it's used for indexing/searching, and I have no use for it.

Report · Apr 22, 2025

Well, there are a couple of ways to look at this. While you're focused on Lucee, you also acknowledge that the solr it comes within is outdated also.

1) Someone might suggest you could just stop the cf2021 add-on service (and set it to disabled) . But be careful: that's used by both cf's solr feature AND by cf's cfhtmltopdf tag. If you know you don't use that, you can proceed with the above. Otherwise you cannot. (To be clear, these would have been enabled when whoever installed cf opted to enable them.)

2) As you found, someone might suggest that (as of cf2021 and above) you could remove the related "packages" in the cf admin's "package manager" page (or using the command line cfpm in cfusion/bin). But again as you found that only removed cf's ability to call OUT to them, in that add-on service. But you're wanting them solr running at all.

3) I'm pretty sure you can effectively "uninstall" the solr feature within the add-on service (within that jetty implementation in the cf folder) by stopping the cf add-on service, removing the solr. war in the jetty/webapps folder, then restarting the service. Again, I can't confirm that as I'm writing from my phone.

Let us know how if you try it. Or maybe someone else will have a more authoritative suggestion.

I'll note finally that later cf updates do update that solr embedded in cf, then later cf versions update them still more. It can happen that an older version like cf2021 (whose end of life is in Nov--no more updates) MAY NOT get updated to even a currently supported solr version.

/Charlie (troubleshooter, carehart. org)

Report · Apr 23, 2025

Thanks, Charlie. I'm on Update 18, so I thought for sure it would've updated SOLR since it said it did on Update 17 (ColdFusion (2021 release) Update 17). The updates are cumulative, right? I went from Update 10 to Update 18. But the SOLR version is still 7.x.

I do use CFHTMLTOPDF, so I need the add-on service...

Report · Apr 23, 2025

FYI, I followed the instructions off the Update 17 page to manually update SOLR -- and that did the trick. Now hitting the URL gives me:

solr-impl-version=8.11.3-SNAPSHOT unknown - Administrator - 2024-09-11 17:16:05

solr-spec-version=8.11.3

8.11.3 passes our security scan.

How do I disable SOLR running inside Lucene in Jetty?

1 Correct answer

Photos