Skip to main content
Released on January 29, 2025, this maintenance release delivers essential security enhancements, including the latest updates for Kafka and key improvements for future-ready protection, plus bug fixes. Upgrading to the latest version of Fusion 5.9 offers several key benefits:
  • Access to latest features: Stay current with the latest features and functionality to ensure compatibility and optimal performance.
  • Simplified process: Fusion 5.9.5 and later use an in-place upgrade strategy, making upgrades easier than ever.
  • Extended support: Upgrading keeps you up-to-date with the latest supported Kubernetes versions, as outlined in the Lucidworks Fusion Product Lifecycle policy.
For supported Kubernetes versions and key component versions, see Platform support and component versions.
Looking to upgrade?Check out the Fusion 5 Upgrades for details.
Looking to upgrade?See Fusion 5 Upgrades for detailed instructions.

Key highlights

Enhanced security and future-ready safeguards

With the Fusion 5.9.9 release, we’ve upgraded Kafka to version 3.7.0, incorporating the latest security updates to strengthen your platform’s resilience. Additionally, we’ve implemented critical updates for Fusion’s Webapps, Templating, and API Gateway services, ensuring robust protection for your data. Looking ahead, we’ve introduced enhancements to streamline and expedite the delivery of future security updates, providing you with a safer Fusion environment.

Secure deployments with immutable root file system

Fusion now supports a read-only root file system to safeguard against unauthorized modifications, protecting your deployment against malicious software and other attacks. Most services operate efficiently in this mode, and for components that need write access, a separate writable mount is available using specific helm configurations. Read-only mode is enabled by default for some Fusion services. See Enable Read-Only Root File System for a list of services that support it or have it enabled by default, along with examples of how to configure it in your Fusion deployment. It should only be enabled for services that do not require CRUD access.
This topic describes how to configure a read-only root file system for a Fusion deployment. Read-only mode safeguards your file system against unauthorized changes, such as by malicious software or other attacks. Enabling this feature entails configuring the readOnlyRootFilesystem attribute in the Fusion Helm chart.
This feature is available starting in Fusion 5.9.9 and in all subsequent Fusion 5.9 releases.
Beginning with Fusion 5.9.10, all of Fusion’s services are designed to work with a read-only root file system, but some external services may require write access to the file system. In that case, you can configure a read-only root file system and mount a separate writable file system for these services.The examples below show how to configure a read-only root file system for various Fusion services.

Solr

fusion:
  solr:
    containerSecurityContext:
      readOnlyRootFilesystem: true
With optional services:
fusion:
  solr:
    exporter:
      enabled: true
      securityContext:
        readOnlyRootFilesystem: true
    containerSecurityContext:
      readOnlyRootFilesystem: true

Zookeeper

fusion:
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true
With optional services:
fusion:
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    exporters:
      jmx:
        enabled: true
      zookeeper:
        enabled: true
    jobs:
      chroots:
        enabled: true
        config:
          create:
            - /root-read-only

Kafka

fusion:
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true
With optional services:
fusion:
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    volumePermissions:
      enabled: true
      containerSecurityContext:
        readOnlyRootFilesystem: true
    metrics:
      kafka:
        containerSecurityContext:
          readOnlyRootFilesystem: true
          enabled: true
      jmx:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    externalAccess:
      enabled: true
      autoDiscovery:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    provisioning:
      enabled: true
      topics:
      - name: test
        partitions: 1
        replicationFactor: 1
        ## https://kafka.apache.org/documentation/#topicconfigs
        config:
          max.message.bytes: 64000
          flush.messages: 1
      containerSecurityContext:
        readOnlyRootFilesystem: true
        enabled: true

ML Model Service

fusion:
  ml-model-service:
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
    milvus:
      mysql:
        containerSecurityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true
With optional services:
fusion:
  ml-model-service:
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      prometheusExporter:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
    milvus:
      mysql:
        metrics:
          enabled: true
          securityContext:
            readOnlyRootFilesystem: true
        containerSecurityContext:
          readOnlyRootFilesystem: true
      cluster:
        enabled: false
      mishards:
        securityContext:
          readOnlyRootFilesystem: true
      admin:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true

Argo

fusion:
  argo:
    minio:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      extraVolumes:
        - name: config-dir
          emptyDir: {}
        - name: certs-dir
          emptyDir: {}
      extraVolumeMounts:
        - name: config-dir
          mountPath: /.minio
        - name: certs-dir
          mountPath: /etc/minio/certs
    server:
      securityContext:
        readOnlyRootFilesystem: true
    controller:
      securityContext:
        readOnlyRootFilesystem: true
    mainContainer:
      securityContext:
        readOnlyRootFilesystem: true
    executor:
      securityContext:
        readOnlyRootFilesystem: true

Seldon Core Operator

fusion:
  seldon-core-operator:
    containersSecurityContext:
      readOnlyRootFilesystem: true

Argo Common Workflows

fusion:
  argo-common-workflows:
    containerSecurityContext:
      readOnlyRootFilesystem: true

Question Answering

fusion:
  question-answering:
    containersSecurityContext:
      readOnlyRootFilesystem: true

Classification

fusion:
  classification:
    containersSecurityContext:
      readOnlyRootFilesystem: true

All-in-one values.yaml example

fusion:
  solr:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  solr-managed:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  ml-model-service:
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
    milvus:
      mysql:
        containerSecurityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true
  argo:
    minio:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      extraVolumes:
        - name: config-dir
          emptyDir: {}
        - name: certs-dir
          emptyDir: {}
      extraVolumeMounts:
        - name: config-dir
          mountPath: /.minio
        - name: certs-dir
          mountPath: /etc/minio/certs
    server:
      securityContext:
        readOnlyRootFilesystem: true
    controller:
      securityContext:
        readOnlyRootFilesystem: true
    mainContainer:
      securityContext:
        readOnlyRootFilesystem: true
    executor:
      securityContext:
        readOnlyRootFilesystem: true
  seldon-core-operator:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  argo-common-workflows:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  question-answering:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  classification:
    containersSecurityContext:
      readOnlyRootFilesystem: true

All-in-one values.yaml with optional services example

fusion:
  argo:
    minio:
      persistence:
        enabled: false
      containerSecurityContext:
        readOnlyRootFilesystem: true
      extraVolumes:
        - name: config-dir
          emptyDir: {}
        - name: certs-dir
          emptyDir: {}
      extraVolumeMounts:
        - name: config-dir
          mountPath: /.minio
        - name: certs-dir
          mountPath: /etc/minio/certs
    server:
      securityContext:
        readOnlyRootFilesystem: true
    controller:
      securityContext:
        readOnlyRootFilesystem: true
    mainContainer:
      securityContext:
        readOnlyRootFilesystem: true
    executor:
      securityContext:
        readOnlyRootFilesystem: true
  solr:
    exporter:
      enabled: true
      securityContext:
        readOnlyRootFilesystem: true
    containerSecurityContext:
      readOnlyRootFilesystem: true
    # tls:
    #   enabled: true
  solr-managed:
    exporter:
      enabled: true
      securityContext:
        readOnlyRootFilesystem: true
    enableExternalFiles: true
    enabledStorage:
    - gcs
    processRaw:
      image:
        repository: fusion-dev-docker.ci-artifactory.lucidworks.com
      cloudRoot: gs://lw-managed-fusion-data/tmp
      gcs:
        secret: gcs-key
        secretFieldName: key.json
      securityContext:
        readOnlyRootFilesystem: true
    containerSecurityContext:
      readOnlyRootFilesystem: true
    # tls:
    #   enabled: true
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    exporters:
      jmx:
        enabled: true
      zookeeper:
        enabled: true
    jobs:
      chroots:
        # enabled: true
        config:
          create:
            - /root-read-only
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    volumePermissions:
      enabled: true
      image:
        repository: "fusion-dev-docker.ci-artifactory.lucidworks.com/os-shell"
      containerSecurityContext:
        readOnlyRootFilesystem: true
    metrics:
      kafka:
        containerSecurityContext:
          readOnlyRootFilesystem: true
          enabled: true
      jmx:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    externalAccess:
      enabled: true
      autoDiscovery:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    provisioning:
      enabled: true
      topics:
      - name: test
        partitions: 1
        replicationFactor: 1
        ## https://kafka.apache.org/documentation/#topicconfigs
        config:
          max.message.bytes: 64000
          flush.messages: 1
      containerSecurityContext:
        readOnlyRootFilesystem: true
        enabled: true
  ml-model-service:
    enabled: true
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      prometheusExporter:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
    milvus:
      mysql:
        metrics:
          enabled: true
          securityContext:
            readOnlyRootFilesystem: true
        containerSecurityContext:
          readOnlyRootFilesystem: true
      cluster:
        enabled: false
      mishards:
        securityContext:
          readOnlyRootFilesystem: true
      admin:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true
  seldon-core-operator:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  argo-common-workflows:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  question-answering:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  classification:
    containersSecurityContext:
      readOnlyRootFilesystem: true

Supported services

The table below lists the services that support a read-only root file system, the ones that have it enabled by default, and the Fusion release in which support was added:
Chart NamePod NameContainer NameSupportedDefault enabledSupported version
admin-uiadmin-uiadmin-ui5.9.9+
api-gatewayapi-gatewayinit/api-gateway5.9.9+
api-gatewayapi-gatewayapi-gateway5.9.9+
api-gatewayapi-gatewaygenerate-jks5.9.9+
apps-managerapps-managerapps-manager5.9.9+
argoargo-serverargo-server5.9.10+
argoargo-executorexecutor5.9.10+
argoargo-mainContainermainContainer5.9.10+
argoargo-controllercontroller5.9.10+
argo/miniominiominio5.9.10+
argo/miniominiominio5.9.10+
argo/miniomake-bucket-jobminio-mc5.9.10+
argo-common-workflowsdelete-modelinit/main/wait5.9.10+
argo-common-workflowsdeploy-modelinit/main/wait5.9.10+
argo-common-workflowsmilvus-maintenanceinit/main/wait5.9.10+
argo-common-workflowsupload-model-to-cloudinit/main/wait5.9.10+
async-parsingasync-parsingtika-server5.9.9+
async-parsingasync-parsingasync-parsing5.9.9+
auth-uiauth-uiauth-ui5.9.9+
classic-rest-serviceclassic-rest-serviceinit/import-certs5.9.10+
classic-rest-serviceclassic-rest-serviceclassic-rest-service5.9.9+
classificationargo/classificationinit/wait/main5.9.10+
connector-pluginconnector-plugininit/import-certs5.9.10+
connector-pluginconnector-pluginconnector-plugin5.9.9+
connectorsconnectorsconnectors5.9.9+
connectors-backendCRD5.9.9+
connectors-backendconnectors-backendconnectors-backend5.9.9+
fusion-adminfusion-adminadmin5.9.9+
fusion-commonscheck-admin5.9.9+
fusion-commonscheck-api-gateway5.9.9+
fusion-commonscheck-indexing5.9.9+
fusion-commonscheck-kafka5.9.9+
fusion-commonscheck-logstash5.9.9+
fusion-commonscheck-pulsar5.9.9+
fusion-commonssetup-keystore-and-properties5.9.9+
fusion-commonscheck-zk5.9.9+
fusion-config-syncfusion-config-syncfusion-config-sync5.9.9+
fusion-data-augmentationargo/data-augmentation/volume-fixinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/init-workspaceinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/write-job-configsinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/write-io-configsinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/add-zkhostinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/pull-data-training-and-metadatainit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/pull-data-training-and-metadata-cloudinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/volume-fix2init/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/synonym-listinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/download-synonym-dictionaryinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/keystroke-listinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/download-keystroke-blobinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/augmentinit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/push-augmented-datainit/main/wait5.9.10+
fusion-data-augmentationargo/data-augmentation/push-augmented-data-cloudinit/main/wait5.9.10+
fusion-indexingfusion-indexingfusion-indexing5.9.9+
fusion-resourcesfusion-resources-secret-hooksetup-keystore-and-properties5.9.10+
insightsinsightsinsights5.9.9+
job-launcherjob-launcherjob-launcher5.9.9+
job-launcherjob-launcherkubectl-runner5.9.9+
job-launcherjob-launcher-spark-cleanupkubectl-runner5.9.9+
job-launcherspark-kubernetes-driverspark-kubernetes-driver5.9.10+
job-launcherspark-kubernetes-executorspark-kubernetes-executor5.9.10+
job-rest-serverjob-rest-serverjob-rest-server5.9.9+
kafkakafka-metricskafka-exporter-archived5.9.10+
kafkakafka-provisioninginit/wait-for-available-kafka5.9.10+
kafkakafka-provisioningkafka-provisioning5.9.10+
kafkakafkakafka5.9.10+
kafkakafkajmx-exporter5.9.10+
kafkakafkainit/check-zk5.9.9+
kafkakafkainit/auto-discovery5.9.10+
kafkakafkainit/volume-permissions5.9.10+
lwai-gatewaylwai-gatewaylwai-gateway5.9.9+
ml-model-serviceml-model-servicejava-service5.9.9+
ml-model-serviceml-model-service-namespace-hookkubectl-runner5.9.9+
ml-model-service/ambassadorambassadorambassador5.9.10+
ml-model-service/ambassadorambassadorprometheus-exporter5.9.10+
ml-model-service/milvusmilvus-writablemilvus5.9.10+
ml-model-service/milvusmilvus-writableinit/wait-for-mysql5.9.10+
ml-model-service/milvusmilvus-writableinit/create-for-share-storage5.9.10+
ml-model-service/milvusmilvus-adminadmin5.9.10+
ml-model-service/milvusmilvus-admininit/wait-for-milvus5.9.10+
ml-model-service/milvusmilvus-mishardsinit/wait-for-mysql5.9.10+
ml-model-service/milvusmilvus-mishardsinit/wait-for-mysql5.9.10+
ml-model-service/milvusmilvus-mishardsmishards5.9.10+
ml-model-service/milvus/mysqlmysqlinit/remove-lost-found5.9.10+
ml-model-service/milvus/mysqlmysqlmysql5.9.10+
pm-uipm-uipm-ui5.9.9+
query-pipelinequery-pipelinequery-pipeline5.9.9+
question-answeringargo/qna-coldstart/init-workspaceinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/write-job-configsinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/write-io-configsinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/write-io-configsinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/add-zkHostinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/pull-datainit/wait/main5.9.10+
question-answeringargo/qna-coldstart/pull-data-cloudinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/traininit/wait/main5.9.10+
question-answeringargo/qna-coldstart/list-workspaceinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/post-modelinit/wait/main5.9.10+
question-answeringargo/qna-coldstart/apply-seldon-deploymentinit/wait/main5.9.10+
question-answeringargo/qna-supervised/init-workspaceinit/wait/main5.9.10+
question-answeringargo/qna-supervised/write-job-configsinit/wait/main5.9.10+
question-answeringargo/qna-supervised/write-io-configsinit/wait/main5.9.10+
question-answeringargo/qna-supervised/add-zkhostinit/wait/main5.9.10+
question-answeringargo/qna-supervised/pull-qa-data-cloudinit/wait/main5.9.10+
question-answeringargo/qna-supervised/pull-qa-datainit/wait/main5.9.10+
question-answeringargo/qna-supervised/traininit/wait/main5.9.10+
question-answeringargo/qna-supervised/train-with-textsinit/wait/main5.9.10+
question-answeringargo/qna-supervised/list-workspaceinit/wait/main5.9.10+
question-answeringargo/qna-supervised/post-modelinit/wait/main5.9.10+
question-answeringargo/qna-supervised/apply-seldon-deploymentinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/init-workspaceinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/write-job-configsinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/write-io-configsinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/add-zkhostinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/list-workspaceinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/pull-eval-datainit/wait/main5.9.10+
question-answeringargo/qna-evaluation/pull-eval-data-cloudinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/evaluateinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/push-eval-results-cloudinit/wait/main5.9.10+
question-answeringargo/qna-evaluation/push-eval-resultsinit/wait/main5.9.10+
recommenderargo/item-recommender-userinit/wait/main5.9.10+
recommenderargo/item-recommender-user/init-workspaceinit/wait/main5.9.10+
recommenderargo/item-recommender-user/write-job-configsinit/wait/main5.9.10+
recommenderargo/item-recommender-user/write-io-configsinit/wait/main5.9.10+
recommenderargo/item-recommender-user/add-zkhostinit/wait/main5.9.10+
recommenderargo/item-recommender-user/pull-data-training-and-metadatainit/wait/main5.9.10+
recommenderargo/item-recommender-user/pull-data-training-and-metadata-cloudinit/wait/main5.9.10+
recommenderargo/item-recommender-user/train-with-metadatainit/wait/main5.9.10+
recommenderargo/item-recommender-user/train-without-metadatainit/wait/main5.9.10+
recommenderargo/item-recommender-user/push-recommendationsinit/wait/main5.9.10+
recommenderargo/item-recommender-user/push-recommendations-cloudinit/wait/main5.9.10+
recommenderargo/item-recommender-user/add-default-exclude-queryinit/wait/main5.9.10+
recommenderargo/item-recommender-user/init-workspaceinit/wait/main5.9.10+
recommenderargo/item-recommender-content/copy-modelinit/wait/main5.9.10+
recommenderargo/item-recommender-content/write-job-configsinit/wait/main5.9.10+
recommenderargo/item-recommender-content/write-io-configsinit/wait/main5.9.10+
recommenderargo/item-recommender-content/add-zkhostinit/wait/main5.9.10+
recommenderargo/item-recommender-content/pull-datainit/wait/main5.9.10+
recommenderargo/item-recommender-content/pull-data-cloudinit/wait/main5.9.10+
recommenderargo/item-recommender-content/traininit/wait/main5.9.10+
recommenderargo/item-recommender-content/push-contentinit/wait/main5.9.10+
recommenderargo/item-recommender-content/push-content-cloudinit/wait/main5.9.10+
recommenderargo/item-recommender-content/add-default-exclude-queryinit/wait/main5.9.10+
recommenderargo/item-recommender-content/delete-old-content-recommendationsinit/wait/main5.9.10+
reverse-searchreverse-searchinit/set-reverse-search-zone5.9.10+
reverse-searchreverse-searchinit/check-zk5.9.9+
reverse-searchreverse-searchinit/enable-tls-in-reverse-search5.9.10+
reverse-searchreverse-searchreverse-search5.9.10+
rules-uirules-uirules-ui5.9.9+
seldon-core-operatorseldon-controller-managermanager5.9.10+
seldon-core-operatorseldon-spartakus-volunteerseldon-spartakus-volunteer5.9.9+
seldon-core-operatorcrd/SeldonDeployment✅/❌5.9.9+
solrsolrinit/set-solr-zone5.9.10+
solrsolrinit/enable-tls-in-solr5.9.10+
solrconfigset-bootstrapconfigset-bootstrap5.9.10+
solrsolrsolr5.9.10+
solrsolr-exporterexporter5.9.10+
solrsolr-exporterinit/solr-init5.9.10+
solr-managedconfigset-bootstrapconfigset-bootstrap5.9.10+
solr-managedexporterexporter5.9.10+
solr-managedexporterinit/solr-init5.9.10+
solr-managedsolrinit/set-solr-zone5.9.10+
solr-managedsolrinit/enable-tls-in-solr5.9.10+
solr-managedsolrsolr5.9.10+
solr-managedsolrprocess-raw5.9.10+
solr-backup-runnersolr-backup-runner-backupsolr-backups5.9.10+
solr-backup-runnersolr-backup-runner-prunesolr-prune5.9.10+
templatingtemplatingtemplating5.9.9+
webappswebappswebapps5.9.9+
zookeeperzookeeperzookeeper5.9.10+
zookeeperzookeeperjmx-exporter5.9.10+
zookeeperzookeeperzookeeper-exporter5.9.10+
zookeeperzookeeper-chrootsmain5.9.10+

Bug fixes

  • This release addresses an issue in Fusion 5.9.2 and up, where enabling Transport Layer Security (TLS) during installation resulted in the following error: 
    Error: INSTALLATION FAILED: ... at <.tls.certSecret.name>: nil pointer evaluating interface {}.name
    With this fix, Fusion can now be successfully installed with TLS enabled.
  • This release improves compatibility between Solr and Fusion’s LWAI Prediction index pipeline stage to prevent errors about incompatible characters in field names.
  • The Fusion API realm can now authenticate when an API key is passed via an apiKey parameter.
    Previously, the key could only be passed in the header, as in these examples:     
    curl -H "x-api-key: API_KEY" "https://FUSION_HOST/api/query/status"
curl -H "apiKey: API_KEY" "https://FUSION_HOST/api/query/status"
    Now you can also pass the key as a parameter, like this: 
    curl https://FUSION_HOST/api/query/status?apiKey=API_KEY
  • The Configurations and ZooKeeper Import/Export APIs are now accessible only to authorized users from within your Fusion cluster or through Kubernetes port forwarding.
  • The API Gateway now includes an optional Kubernetes health check. To enable this check, edit your values.yaml file, and add -Dspring.cloud.kubernetes.loadbalancer.mode=POD to the API Gateway’s javaToolOptions. For example: 
    fusion:
  api-gateway:
    javaToolOptions: "-Dspring.cloud.kubernetes.loadbalancer.mode=POD"
    When enabled, if the health check fails during pod discovery, Kubernetes will restart the pod.

Known issues

  • Saving large query pipelines may cause OOM failures under high load.
    In Fusion versions 5.9.9 through 5.9.13, saving a large query pipeline during high query volume can result in thread lock, excessive memory use, and eventual OOM errors in the Query service.
    This issue is fixed in Fusion 5.9.14.
  • An issue prevents segment-based rule filtering from working correctly in Commerce Studio. This issue is fixed in Fusion 5.9.12.
  • After upgrading, the config-sync pod sometimes fails due to authorization errors. If this pod is not required by your setup, you can disable it by setting the enabled flag to false in your Helm chart configuration, saving the configuration, and rerunning the upgrade script. 
    fusion-config-sync:
  enabled: false
  • Jobs or pipelines that serialize or deserialize JSONResponse objects may fail with an error of Cannot instantiate class java.util.Collections$SingletonMap with Kryo.
    The issue was fixed in Fusion 5.9.10 and backported into Fusion 5.9.9.

Deprecations

For full details on deprecations, see Deprecations and Removals. As part of our ongoing initiative to replace our V1 (Classic) connectors with our more secure, flexible, and scalable V2 (Plugin) connectors, the following V1 connectors are deprecated in this release: Learn more about V1 and V2 connectors.
FAQHow long will Lucidworks continue to support these connectors?These connectors will remain available for at least 6 months from the release of Fusion 5.9.9 and will be removed in a release after this 6-month period.
To prepare for the eventual removal of these connectors in a future release, Lucidworks strongly recommends beginning the migration of your datasources to the following V2 connectors:

Removals

Bitnami removal

Fusion 5.9.8 will be re-released with the same functionality but updated image references. In the meantime, Lucidworks will self-host the required images while we work to replace Bitnami images with internally built open-source alternatives. If you are a self-hosted Fusion customer, you must upgrade before August 28 to ensure continued access to container images and prevent deployment issues. You can reinstall your current version of Fusion or upgrade to Fusion 5.9.14, which includes the updated Helm chart and prepares your environment for long-term compatibility. See Prevent image pull failures due to Bitnami deprecation in Fusion 5.9.5 to 5.9.13 for more information on how to prevent image pull failures.

Platform support and component versions

Kubernetes platform support

Lucidworks has tested and validated support for the following Kubernetes platforms and versions:
  • Google Kubernetes Engine (GKE): 1.28, 1.29, 1.30
  • Microsoft Azure Kubernetes Service (AKS): 1.28, 1.29, 1.30
  • Amazon Elastic Kubernetes Service (EKS): 1.28, 1.29, 1.30
Support is also offered for Rancher Kubernetes Engine (RKE) and OpenShift 4 versions that are based on Kubernetes 1.28, 1.29, 1.30. OpenStack and customized Kubernetes installations are not supported. For more information on Kubernetes version support, see the Kubernetes support policy.

Component versions

The following table details the versions of key components that may be critical to deployments and upgrades.
ComponentVersion
Solrfusion-solr 5.9.9 (based on Solr 9.6.1)
ZooKeeper3.9.1
Spark3.2.2
Ingress ControllersNginx, Ambassador (Envoy), GKE Ingress Controller Istio not supported.
More information about support dates can be found at Lucidworks Fusion Product Lifecycle.