You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@solr.apache.org by Michael Schumann <sc...@adobe.com.INVALID> on 2021/12/10 19:04:25 UTC

0-day Apache log4j RCE vulnerability

It looks like this affects Solr versions >= 7. Am I reading this correctly?


References:
https://www.lunasec.io/docs/blog/log4j-zero-day/

https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html

https://help.aliyun.com/noticelist/articleid/1060971232.html

Re: 0-day Apache log4j RCE vulnerability

Posted by Andy Lester <an...@petdance.com>.

I trust that by now you’ve seen the discussion earlier today on this mailing list about it.

Re: 0-day Apache log4j RCE vulnerability

Posted by Uwe Schindler <uw...@thetaphi.de>.

See the security advisory: https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228

Uwe

Am 10. Dezember 2021 19:18:08 UTC schrieb Michael Schumann <sc...@adobe.com.INVALID>:
>It looks like this affects Solr versions >= 7.4. Am I reading this correctly?
>
>
>References:
>https://www.lunasec.io/docs/blog/log4j-zero-day/
>
>https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
>
>https://help.aliyun.com/noticelist/articleid/1060971232.html
>

--
Uwe Schindler
Achterdiek 19, 28357 Bremen
https://www.thetaphi.de

0-day Apache log4j RCE vulnerability

Posted by Michael Schumann <sc...@adobe.com.INVALID>.

It looks like this affects Solr versions >= 7.4. Am I reading this correctly?


References:
https://www.lunasec.io/docs/blog/log4j-zero-day/

https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html

https://help.aliyun.com/noticelist/articleid/1060971232.html