You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ja...@apache.org on 2021/12/15 13:19:29 UTC
[solr-site] branch main updated: Clarify what docker versions are patched
This is an automated email from the ASF dual-hosted git repository.
janhoy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/main by this push:
new 9d58b48 Clarify what docker versions are patched
new 1330065 Merge pull request #57 from janhoy/log4j-docker-only-supported
9d58b48 is described below
commit 9d58b480c29a93d9460b11de1dff1368c6a90f6d
Author: Jan Høydahl <ja...@cominvent.com>
AuthorDate: Wed Dec 15 09:14:08 2021 +0100
Clarify what docker versions are patched
---
content/solr/security/2021-12-10-cve-2021-44228.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/solr/security/2021-12-10-cve-2021-44228.md b/content/solr/security/2021-12-10-cve-2021-44228.md
index 522e447..6b5ecf9 100644
--- a/content/solr/security/2021-12-10-cve-2021-44228.md
+++ b/content/solr/security/2021-12-10-cve-2021-44228.md
@@ -19,7 +19,7 @@ Solr's Prometheus Exporter uses Log4J as well but it does not log user input or
Any of the following are enough to prevent this vulnerability for Solr servers:
* Upgrade to `Solr 8.11.1` or greater (when available), which will include an updated version of the Log4J dependency.
-* If you are using Solr's official docker image, no matter the version, it has already been mitigated. You may need to re-pull the image.
+* If you are using Solr's official docker image, it has already been mitigated in all versions listed as supported on Docker Hub: <https://hub.docker.com/_/solr>. You may need to re-pull the image.
* Manually update the version of Log4J on your runtime classpath and restart your Solr application.
* (Linux/MacOS) Edit your `solr.in.sh` file to include:
`SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"`