Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2023/04/28 09:11:00 UTC

[jira] [Resolved] (SOLR-16775) Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) (Unauthenticated)

     [ https://issues.apache.org/jira/browse/SOLR-16775?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl resolved SOLR-16775.
--------------------------------
    Resolution: Invalid

Hi,

JIRA is not a support portal for the project. You should discuss your questions on the users mailing list, see https://solr.apache.org/community.html#mailing-lists-chat

Our Log4Shell advisory is at https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228

Your best action would be to upgrade to the latest 8.11.x version. It should be compatible with 8.1, but test first. Any further communication on this issue must happen on the users mailing list.

> Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) (Unauthenticated)
> ------------------------------------------------------------------------------------
>
>                 Key: SOLR-16775
>                 URL: https://issues.apache.org/jira/browse/SOLR-16775
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Hariprasad T
>            Priority: Major
>
> Hi Team,
> We have a Sitecore project of version 9.3 and we are using Windows Solr 8.1.1. We have the below vulnerabilities,
> *(a)* Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) (Unauthenticated)
> *(b)* Apache Solr Affected By Apache Log4J Vulnerability (Log4Shell)
> impacting a few of our servers. Below is the patch fix suggested by Solr for this vulnerability.
> *Reference URL:*
> https://logging.apache.org/log4j/2.x/security.html
> Patch: Following are links for downloading patches to fix the vulnerabilities: https://logging.apache.org/log4j/2.x/download.html
> *Impacted Server:*
> Developer VM servers and a few other servers.
> *Comment:*
> Please advise how to fix these vulnerabilities and where we have to make the changes.
> Or it would be great if you can suggest any other solution to fix this vulnerability.
> Thanks in advance!
>  
> Best,
> Hariprasad T


