You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ds...@apache.org on 2021/12/12 22:03:16 UTC

[solr-site] branch docker-images-updated created (now 640a367)

This is an automated email from the ASF dual-hosted git repository.

dsmiley pushed a change to branch docker-images-updated
in repository https://gitbox.apache.org/repos/asf/solr-site.git.


      at 640a367  Log4j: Solr's docker images are mitigated.

This branch includes the following new commits:

     new 640a367  Log4j: Solr's docker images are mitigated.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[solr-site] 01/01: Log4j: Solr's docker images are mitigated.

Posted by ds...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

dsmiley pushed a commit to branch docker-images-updated
in repository https://gitbox.apache.org/repos/asf/solr-site.git

commit 640a36747496f56d6e3d8f0113122694fa59f164
Author: David Smiley <ds...@apache.org>
AuthorDate: Sun Dec 12 17:03:13 2021 -0500

    Log4j: Solr's docker images are mitigated.
---
 content/solr/security/2021-12-10-cve-2021-44228.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/content/solr/security/2021-12-10-cve-2021-44228.md b/content/solr/security/2021-12-10-cve-2021-44228.md
index e34e6f9..98e786e 100644
--- a/content/solr/security/2021-12-10-cve-2021-44228.md
+++ b/content/solr/security/2021-12-10-cve-2021-44228.md
@@ -19,6 +19,7 @@ The Prometheus Exporter Contrib is similarly separately affected.
 Any of the following are enough to prevent this vulnerability for Solr servers:
 
 * Upgrade to `Solr 8.11.1` or greater (when available), which will include an updated version of the log4j2 dependency.
+* If you are using Solr's official docker image, no matter the version, it has already been mitigated.  You may need to re-pull the image.
 * Manually update the version of log4j2 on your runtime classpath and restart your Solr application.
 * (Linux/MacOS) Edit your `solr.in.sh` file to include:
   `SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"`
@@ -29,6 +30,7 @@ Any of the following are enough to prevent this vulnerability for Solr servers:
 The vulnerability in the Prometheus Exporter Contrib can be mitigated by any of the following:
 
 * Upgrade to `Solr 8.11.1` or greater (when available), which will include an updated version of the log4j2 dependency.
+* If you are using Solr's official docker image, no matter the version, it has already been mitigated.  You may need to re-pull the image.
 * Manually update the version of log4j2 on your runtime classpath and restart your Solr application.
 * Edit your `solr-exporter` script to include:
   `JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"`