You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@solr.apache.org by Ramila Herath <ra...@ifs.com> on 2021/12/16 09:09:14 UTC
Apache Log4J CVE-2021-44228
Hi;
In your security statement (https://solr.apache.org/security.html) it says the following
Upgrade to Solr 8.11.1 or greater (when available), which will include an updated version (>= 2.16.0) of the Log4J dependency
However I am unable to find a download link to 8.11.1. Latest I see it 8.11.0. please confirm where to download 8.11.1 from
ARG SOLR_VERSION="8.11.0"
SOLR_CLOSER_URL=http://www.apache.org/dyn/closer.lua?filename=lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz&action=download \
SOLR_DIST_URL=https://www.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz \
SOLR_ARCHIVE_URL=https://archive.apache.org/dist/lucene/solr/$SOLR_VERSION/solr-$SOLR_VERSION.tgz \
Thanx in advance
Regards,
Ramila Herath (he/him)
Senior Software Architect | Experience Framework
[cid:image001.png@01D7F28A.84320C00]<http://ifs.biz/ifs-website>
+94 11 236 44 00
18th Floor, Orion Towers,
736, Dr. Danister De Silva Mawatha, Colombo 00900, SRI LANKA
[cid:image002.png@01D7F28A.84320C00]<http://ifs.biz/ifs-linkedin> [cid:image003.png@01D7F28A.84320C00] <http://ifs.biz/ifs-twitter> [A close up of a sign Description automatically generated] <http://ifs.biz/instagram> [cid:image005.png@01D7F28A.84320C00] <http://ifs.biz/industry-analyst-research>
[A picture containing graphical user interface Description automatically generated]<https://www.ifs.com/corp/news-and-events/events/ifs-cloud/?utm_campaign=ifs+cloud+launch&utm_medium=email&utm_source=outlook+ifs+email+signature&utm_content=march+2021&utm_term=&sc_camp=> [A picture containing shape Description automatically generated] <https://www.ifs.com/news-and-events/sustainability/?utm_campaign=change+for+good&utm_medium=email&utm_source=ifs.com&utm_content=signature&utm_term=&sc_camp=>
IFS World Operations AB is a private liability company registered in Sweden.
Corporate identity number: 556040-6042.
Registered office: Teknikringen 5, Box 1545, SE-581 15 Linköping.
________________________________
Confidentiality notice and disclaimer
This e-mail is private and may contain confidential information. You must not use, disclose, or retain any of its content if you have received it in error: please notify its sender and then delete it. Any views or opinions expressed in this e-mail are strictly those of its author. We do not accept liability for the consequences of any data corruption, interception, tampering, or virus.
Re: Apache Log4J CVE-2021-44228
Posted by Shawn Heisey <ap...@elyograg.org>.
On 12/16/2021 2:09 AM, Ramila Herath wrote:
> However I am unable to find a download link to 8.11.1. Latest I see it
> 8.11.0. please confirm where to download 8.11.1 from
One of these URLs should work, depending on what OS you want to extract on:
https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.tgz?action=download
https://www.apache.org/dyn/closer.lua/lucene/solr/8.11.1/solr-8.11.1.zip?action=download
The download page for Solr has now been updated and has those links on
it. When I started writing this message, it hadn't yet been updated.
The release process we have had in place for many years is not fast.
Hopefully we can implement a streamlined process for security fixes in
the future. I apologize for the delay in getting this release out.
Thanks,
Shawn