Skip to main content
Released on February 26, 2024, this maintenance release includes an update to Kubernetes 1.28. To learn more, skip to the release notes.
Security patch available for api-gateway: Netty request smuggling vulnerabilitiesA patch is available for the api-gateway service to address critical Netty request smuggling vulnerabilities (CVE-2026-42581, CVE-2026-42585, CVE-2026-42587). These vulnerabilities allow attackers to smuggle HTTP requests through the gateway, potentially bypassing security controls.
The api-gateway service requires the Netty security patch.Follow these steps to apply the patched image:
  1. Open your Fusion Helm values file.
  2. Add or update the api-gateway image configuration: 
    api-gateway:
  image:
    repository: lucidworks
    name: api-gateway
    tag: 5.9.9-SUST-1634-patch
    imagePullPolicy: IfNotPresent
  3. Save the values file.
  4. For Fusion Cloud Native deployments, run the upgrade_fusion.sh script you used for your current deployment. For Helm deployments, run: 
    helm upgrade --namespace NAMESPACE RELEASE_NAME PATH_TO_VALUES
    Replace NAMESPACE with your Kubernetes namespace, RELEASE_NAME with your Helm release name, and PATH_TO_VALUES with the path to your updated values file.
  5. Wait for the api-gateway pods to restart and verify they are using the patched image.

Platform Support and Component Versions

Kubernetes platform support

Lucidworks has tested and validated support for the following Kubernetes platforms and versions:
  • Google Kubernetes Engine (GKE): 1.28
  • Microsoft Azure Kubernetes Service (AKS): 1.28
  • Amazon Elastic Kubernetes Service (EKS): 1.28
Support is also offered for Rancher Kubernetes Engine (RKE) and OpenShift 4 versions that are based on Kubernetes 1.28. OpenStack and customized Kubernetes installations are not supported. For more information on Kubernetes version support, see the Kubernetes support policy.

Component versions

The following table details the versions of key components that may be critical to deployments and upgrades.
ComponentVersion
Solrfusion-solr 5.9.3 (based on Solr 9.1.1)
ZooKeeper3.7.1
Spark3.2.2
Ingress ControllersNginx, Ambassador (Envoy), GKE Ingress Controller Istio not supported.
More information about support dates can be found at Lucidworks Fusion Product Lifecycle.
Looking to upgrade?See Fusion 5 Upgrades for detailed instructions.

Improvements

  • Fusion now supports Kubernetes 1.28. This applies to GKE, AKS, and EKS. It also applies to Rancher (RKE) and OpenShift 4 versions that are compatible with Kubernetes 1.28. Refer to Kubernetes documentation at Kubernetes v1.28 for more information.

Bug fixes

  • Fixed an issue affecting remote connector datasources where they could enter a state of persistent inability to index following a No Plugin Activity timeout error.
  • Fixed an issue with the async-parser where large files exceeding the configured memory buffer were repeatedly retried for processing, even though they would ultimately fail. This behavior could lead to unnecessary resource consumption and logging noise. Files that exceed the size configuration are no longer retried.
  • Fixed an issue with the async-parser where documents containing empty values were erroneously emitted for indexing, even though the indexing process couldn’t handle them. This behavior led to indexing failures and unnecessary resource consumption.
  • Fixed an issue with the Rules UI where very large rule sets could trigger URI errors, preventing the UI from loading or functioning correctly. This required manual deletion of rules to restore functionality.
  • Fixed an issue where previously denied and published rules reappeared as new suggestions after running detection jobs.

Known issues

  • New Kerberos security realms cannot be configured successfully in this version of Fusion.