You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@solr.apache.org by Kashif Mumtaz <ka...@yahoo.com.INVALID> on 2021/12/19 10:14:14 UTC

How to mitigate CVE-2021-45105

Hi ,We are using Solr 7.7.3. How to apply fix for log4j third vulnerability  CVE-2021-45105 in Solr ?
Regards,

Re: How to mitigate CVE-2021-45105

Posted by David Smiley <ds...@apache.org>.

Solr's default logging config isn't vulnerable:
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
You'd have to go out of your way to configure logging to use such this
vulnerable mechanism, and that isn't likely for Solr users to do so.

~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley

On Sun, Dec 19, 2021 at 5:14 AM Kashif Mumtaz
<ka...@yahoo.com.invalid> wrote:

> Hi ,We are using Solr 7.7.3. How to apply fix for log4j third
> vulnerability  CVE-2021-45105 in Solr ?
> Regards,
>
>