Third-Party Update: Apache Solr 9.8.0

Apache Solr has been updated to version 9.8.0. The new version fixes security vulnerability CVE-2025-24814.

A new coremedia/solr-base Docker image with tag 2.5-cm-9.8.0 has been released, which also provides a fix for leader/follower replication with enabled basic authentication. It adds the environment variable SOLR_LEADER_BASIC_AUTH for configuring basic authentication credentials. Starting with previous release Solr 9.7.0, credentials that are included in the SOLR_LEADER_URL environment variable are not used anymore.

See https://solr.apache.org/docs/9_8_0/changes/Changes.html and https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#solr-9-8 for a list of changes in Solr.

(CMS-27253)

Smart Validation for Segment in Commerce Pages

In commerce-related page types (Augmented Category, Augmented Product and Augmented Page) the segment is typically not used, at least when it is a commerce-led scenario. In such a case the segment is not used to build an URL (but it is a Storefront URL). Therefore, the segment does not need to be validated. Only in a hybrid scenario (when the settings "livecontext.policy.commerce-category-links", "livecontext.policy.commerce-product-links" or "livecontext.policy.commerce-page-links" are "true") the validation is done for these page types.

(CMS-18494)