You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Mike Drob (Jira)" <ji...@apache.org> on 2021/12/10 16:35:00 UTC

[jira] (SOLR-15843) Update Log4J dependency

    [ https://issues.apache.org/jira/browse/SOLR-15843 ]


    Mike Drob deleted comment on SOLR-15843:
    ----------------------------------

was (Author: mdrob):
Security page has been updated - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228-jndi-features-do-not-protect-against-attacker-controlled-ldap-and-other-jndi-related-endpoints

> Update Log4J dependency
> -----------------------
>
>                 Key: SOLR-15843
>                 URL: https://issues.apache.org/jira/browse/SOLR-15843
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Mike Drob
>            Assignee: Mike Drob
>            Priority: Critical
>             Fix For: 9.0, 8.11.1
>
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> Log4j 2.15 is about to be released, we should update when it is available.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org