Apache Solr has been updated to version 9.10.0 and the coremedia/solr-base Docker image with tag 2.6-cm-9.10.0 has been released. As part of this change, the following transitive dependencies of Apache SolrJ have been updated:

The update fixes security vulnerabilities CVE-2025-5115 and CVE-2025-12383 in Solr.

Solr 9.10.0 includes an update of Lucene, and indices written by the new version may become unreadable for previous Solr versions. You should make a backup of Solr indices before the update to be able to revert the update in case of unexpected problems. To avoid errors with Solr replication, followers should be updated at the same time or before leaders, or Solr replication should be stopped during upgrade, for example by disconnecting Solr followers from the Solr leader.

The configuration property solr.use-http1 for CMCC applications is no longer deprecated. It is still recommended to keep it at its default value false to use HTTP/2, if possible.

Methods to set the Solr request handler at the SolrQuery object have been deprecated in SolrJ (SolrQuery#setRequestHandler and CommonParams.QT). For CMCC 13 (2512.0.0), the Blueprint code has been adapted to set the request handler as path when executing the query (in package com.coremedia.blueprint.cae.search.solr).

See https://solr.apache.org/docs/9_10_0/changes/Changes.html and https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#solr-9-8 for a list of changes in Solr.

(CMS-27540)