You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Rahul Verma (Jira)" <ji...@apache.org> on 2022/01/07 09:39:00 UTC

[jira] [Created] (SOLR-15900) Upgrade log4j to 2.17.1

Rahul Verma created SOLR-15900:
----------------------------------

             Summary: Upgrade log4j to 2.17.1
                 Key: SOLR-15900
                 URL: https://issues.apache.org/jira/browse/SOLR-15900
             Project: Solr
          Issue Type: Task
      Security Level: Public (Default Security Level. Issues are Public)
          Components: logging
    Affects Versions: 8.11.1
            Reporter: Rahul Verma


We should update to Log4j 2.17.1 to address [CVE-2021-44832|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832]: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org