Released on January 29, 2025, this maintenance release delivers essential security enhancements, including the latest updates for Kafka and key improvements for future-ready protection, plus bug fixes. Upgrading to the latest version of Fusion 5.9 offers several key benefits:
  • Access to latest features: Stay current with the latest features and functionality to ensure compatibility and optimal performance.
  • Simplified process: Fusion 5.9.5 and later use an in-place upgrade strategy, making upgrades easier than ever.
  • Extended support: Upgrading keeps you up-to-date with the latest supported Kubernetes versions, as outlined in the Lucidworks Fusion Product Lifecycle policy.
For supported Kubernetes versions and key component versions, see Platform support and component versions.
Looking to upgrade?Check out the Fusion 5 Upgrades for details.
Looking to upgrade?See Fusion 5 Upgrades for detailed instructions.

Key highlights

Enhanced security and future-ready safeguards

With the Fusion 5.9.9 release, we’ve upgraded Kafka to version 3.7.0, incorporating the latest security updates to strengthen your platform’s resilience. Additionally, we’ve implemented critical updates for Fusion’s Webapps, Templating, and API Gateway services, ensuring robust protection for your data. Looking ahead, we’ve introduced enhancements to streamline and expedite the delivery of future security updates, providing you with a safer Fusion environment.

Secure deployments with immutable root file system

Fusion now supports a read-only root file system to safeguard against unauthorized modifications, protecting your deployment against malicious software and other attacks. Most services operate efficiently in this mode, and for components that need write access, a separate writable mount is available using specific helm configurations. Read-only mode is enabled by default for some Fusion services. See Enable Read-Only Root File System for a list of services that support it or have it enabled by default, along with examples of how to configure it in your Fusion deployment. It should only be enabled for services that do not require CRUD access.

Bug fixes

  • This release addresses an issue in Fusion 5.9.2 and up, where enabling Transport Layer Security (TLS) during installation resulted in the following error: 
    Error: INSTALLATION FAILED: ... at <.tls.certSecret.name>: nil pointer evaluating interface {}.name
    With this fix, Fusion can now be successfully installed with TLS enabled.
  • This release improves compatibility between Solr and Fusion’s LWAI Prediction index pipeline stage to prevent errors about incompatible characters in field names.
  • The Fusion API realm can now authenticate when an API key is passed via an apiKey parameter.
    Previously, the key could only be passed in the header, as in these examples:     
    curl -H "x-api-key: API_KEY" "https://FUSION_HOST/api/query/status"
curl -H "apiKey: API_KEY" "https://FUSION_HOST/api/query/status"
    Now you can also pass the key as a parameter, like this: 
    curl https://FUSION_HOST/api/query/status?apiKey=API_KEY
  • The Configurations and ZooKeeper Import/Export APIs are now accessible only to authorized users from within your Fusion cluster or through Kubernetes port forwarding.
  • The API Gateway now includes an optional Kubernetes health check. To enable this check, edit your values.yaml file, and add -Dspring.cloud.kubernetes.loadbalancer.mode=POD to the API Gateway’s javaToolOptions. For example: 
    fusion:
  api-gateway:
    javaToolOptions: "-Dspring.cloud.kubernetes.loadbalancer.mode=POD"
    When enabled, if the health check fails during pod discovery, Kubernetes will restart the pod.

Known issues

  • Saving large query pipelines may cause OOM failures under high load. In Fusion versions 5.9.9 through 5.9.13, saving a large query pipeline during high query volume can result in thread lock, excessive memory use, and eventual OOM errors in the Query service. This issue is fixed in Fusion 5.9.14.
  • An issue prevents segment-based rule filtering from working correctly in Commerce Studio. This issue is fixed in Fusion 5.9.12.

Deprecations

For full details on deprecations, see Deprecations and Removals. As part of our ongoing initiative to replace our V1 (Classic) connectors with our more secure, flexible, and scalable V2 (Plugin) connectors, the following V1 connectors are deprecated in this release: Learn more about V1 and V2 connectors.
FAQHow long will Lucidworks continue to support these connectors?These connectors will remain available for at least 6 months from the release of Fusion 5.9.9 and will be removed in a release after this 6-month period.
To prepare for the eventual removal of these connectors in a future release, Lucidworks strongly recommends beginning the migration of your datasources to the following V2 connectors:

Removals

Bitnami removal

Fusion 5.9.8 will be re-released with the same functionality but updated image references. In the meantime, Lucidworks will self-host the required images while we work to replace Bitnami images with internally built open-source alternatives. If you are a self-hosted Fusion customer, you must upgrade before August 28 to ensure continued access to container images and prevent deployment issues. You can reinstall your current version of Fusion or upgrade to Fusion 5.9.14, which includes the updated Helm chart and prepares your environment for long-term compatibility. See Prevent image pull failures due to Bitnami deprecation in Fusion 5.9.5 to 5.9.13 for more information on how to prevent image pull failures.

Platform support and component versions

Kubernetes platform support

Lucidworks has tested and validated support for the following Kubernetes platforms and versions:
  • Google Kubernetes Engine (GKE): 1.28, 1.29, 1.30
  • Microsoft Azure Kubernetes Service (AKS): 1.28, 1.29, 1.30
  • Amazon Elastic Kubernetes Service (EKS): 1.28, 1.29, 1.30
Support is also offered for Rancher Kubernetes Engine (RKE) and OpenShift 4 versions that are based on Kubernetes 1.28, 1.29, 1.30. OpenStack and customized Kubernetes installations are not supported. For more information on Kubernetes version support, see the Kubernetes support policy.

Component versions

The following table details the versions of key components that may be critical to deployments and upgrades.
ComponentVersion
Solrfusion-solr 5.9.9 (based on Solr 9.6.1)
ZooKeeper3.9.1
Spark3.2.2
Ingress ControllersNginx, Ambassador (Envoy), GKE Ingress Controller Istio not supported.
More information about support dates can be found at Lucidworks Fusion Product Lifecycle.