You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@solr.apache.org by Ramila Herath <ra...@ifs.com> on 2021/12/16 09:09:14 UTC

Apache Log4J CVE-2021-44228

Hi;

In your security statement (https://solr.apache.org/security.html) it says the following

Upgrade to Solr 8.11.1 or greater (when available), which will include an updated version (>= 2.16.0) of the Log4J dependency

However I am unable to find a download link to 8.11.1. Latest I see it 8.11.0. please confirm where to download 8.11.1 from

ARG SOLR_VERSION="8.11.0"

SOLR_CLOSER_URL=http://www.apache.org/dyn/closer.lua?filename=lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz&action=download \
SOLR_DIST_URL=https://www.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz \
SOLR_ARCHIVE_URL=https://archive.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz \

Thanx in advance

Regards,

Ramila Herath (he/him)
Senior Software Architect | Experience Framework

[cid:image001.png@01D7F28A.84320C00]<http://ifs.biz/ifs-website>
+94 11 236 44 00
18th Floor, Orion Towers,
736, Dr. Danister De Silva Mawatha, Colombo 00900, SRI LANKA

[cid:image002.png@01D7F28A.84320C00]<http://ifs.biz/ifs-linkedin>  [cid:image003.png@01D7F28A.84320C00] <http://ifs.biz/ifs-twitter>   [A close up of a sign  Description automatically generated] <http://ifs.biz/instagram>   [cid:image005.png@01D7F28A.84320C00] <http://ifs.biz/industry-analyst-research>

[A picture containing graphical user interface  Description automatically generated]<https://www.ifs.com/corp/news-and-events/events/ifs-cloud/?utm_campaign=ifs+cloud+launch&utm_medium=email&utm_source=outlook+ifs+email+signature&utm_content=march+2021&utm_term=&sc_camp=> [A picture containing shape  Description automatically generated] <https://www.ifs.com/news-and-events/sustainability/?utm_campaign=change+for+good&utm_medium=email&utm_source=ifs.com&utm_content=signature&utm_term=&sc_camp=>
IFS World Operations AB is a private liability company registered in Sweden.
Corporate identity number: 556040-6042.
Registered office: Teknikringen 5, Box 1545, SE-581 15 Linköping.

________________________________
Confidentiality notice and disclaimer
This e-mail is private and may contain confidential information. You must not use, disclose, or retain any of its content if you have received it in error: please notify its sender and then delete it. Any views or opinions expressed in this e-mail are strictly those of its author. We do not accept liability for the consequences of any data corruption, interception, tampering, or virus.

Re: Apache Log4J CVE-2021-44228

Posted by Shawn Heisey <ap...@elyograg.org>.

On 12/16/2021 2:09 AM, Ramila Herath wrote:
> However I am unable to find a download link to 8.11.1. Latest I see it 
> 8.11.0. please confirm where to download 8.11.1 from

One of these URLs should work, depending on what OS you want to extract on:

https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.tgz?action=download
https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.zip?action=download

The download page for Solr has now been updated and has those links on 
it.  When I started writing this message, it hadn't yet been updated.

The release process we have had in place for many years is not fast. 
Hopefully we can implement a streamlined process for security fixes in 
the future.  I apologize for the delay in getting this release out.

Thanks,
Shawn