Posted to users@solr.apache.org by Manisha Rahatadkar <Ma...@AnjuSoftware.com> on 2021/12/14 15:00:33 UTC
Question Apache Solr 7.7.0, 8.7 and 8.9 - log4j vulnerability
Hello all
We are using Apache Solr 7.7.0, 8.7 and 8.9 on Windows and Linux environment. What mitigation option do we need to take for this vulnerability?
Thank you in advance.
Regards
Manisha
Confidentiality Notice
====================
This email message, including any attachments, is for the sole use of the intended recipient and may contain confidential and privileged information. Any unauthorized view, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Anju Software, Inc. 4500 S. Lakeshore Drive, Suite 620, Tempe, AZ USA 85282.
Re: Question Apache Solr 7.7.0, 8.7 and 8.9 - log4j vulnerability
Posted by Vincenzo D'Amore <v....@gmail.com>.
When starting Solr, add to your env:
SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
On Tue, Dec 14, 2021 at 4:07 PM Andy Lester <an...@petdance.com> wrote:
>
>
> > On Dec 14, 2021, at 9:00 AM, Manisha Rahatadkar
> <Ma...@AnjuSoftware.com> wrote:
> >
> > We are using Apache Solr 7.7.0, 8.7 and 8.9 on Windows and Linux
> environment. What mitigation option do we need to take for this
> vulnerability?
>
>
>
> https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
--
Vincenzo D'Amore
Re: Question Apache Solr 7.7.0, 8.7 and 8.9 - log4j vulnerability
Posted by Andy Lester <an...@petdance.com>.
> On Dec 14, 2021, at 9:00 AM, Manisha Rahatadkar <Ma...@AnjuSoftware.com> wrote:
>
> We are using Apache Solr 7.7.0, 8.7 and 8.9 on Windows and Linux environment. What mitigation option do we need to take for this vulnerability?
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
Re: Question Apache Solr 7.7.0, 8.7 and 8.9 - log4j vulnerability
Posted by Mike Drob <md...@mdrob.com>.
You can download log4j at https://logging.apache.org/log4j/2.x/download.html
When replacing the jar files, you will also need to restart your services.
On Tue, Dec 14, 2021 at 9:30 AM Manisha Rahatadkar <
Manisha.Rahatadkar@anjusoftware.com> wrote:
> Hello all
>
>
>
> We are using Apache Solr 7.7.0, 8.7 and 8.9 on Windows and Linux
> environment. What mitigation option do we need to take for this
> vulnerability?
>
> Where to get the log4j2? Can we just replace the log4j* files in
> solr-8.7.0\server\lib\ext folder? Will it work?
>
>
>
> https://solr.apache.org/security.html
>
>
>
>
>
> Thank you in advance.
>
>
>
> Regards
>
> Manisha
>
>
>
>
>
>
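An added example, not written by anyone in this thread: a small shell check for the two mitigations suggested above (the `-Dlog4j2.formatMsgNoLookups=true` option and the jar replacement in `server/lib/ext`). The function names, the `solr.in.sh`-style include file and the Linux `/proc` lookup are assumptions made for the example.

```shell
#!/bin/sh
# Added example: confirm the mitigations from this thread actually took effect.
# Usage (paths are assumptions): sh check.sh /opt/solr /etc/default/solr.in.sh

FLAG_RE='log4j2\.formatMsgNoLookups'

# Print the effective value of the flag in a string of JVM arguments.
# The JVM keeps the last -Dname=value it is given, so a later "=false"
# silently undoes an earlier "=true". Prints nothing if the flag is absent.
effective_nolookups() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' |
        sed -n "s/^-D${FLAG_RE}=//p" | tail -n 1
}

# Same check against the uncommented SOLR_OPTS lines of an include file.
include_nolookups() {
    opts=$(sed -n 's/^[[:space:]]*SOLR_OPTS=//p' "$1" | tr -d "\"'" | tr '\n' ' ')
    effective_nolookups "$opts"
}

# Same check against a running JVM (Linux only). The option only applies
# to processes started after it was set, so check the live process too.
running_nolookups() {
    effective_nolookups "$(tr '\0' ' ' < "/proc/$1/cmdline")"
}

# Print the version of every log4j-core jar in SOLR_HOME/server/lib/ext,
# so a leftover old jar next to the replacement is visible.
log4j_core_versions() {
    for jar in "$1"/server/lib/ext/log4j-core-*.jar; do
        [ -e "$jar" ] || continue
        name=${jar##*/}
        name=${name#log4j-core-}
        echo "${name%.jar}"
    done
}

report() {
    echo "log4j-core jars found: $(log4j_core_versions "$1" | tr '\n' ' ')"
    echo "configured formatMsgNoLookups: $(include_nolookups "$2")"
}

if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

More than one version in the first line of output means an old jar was left beside the new one; an empty value in the second line means the option is not set in that file.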
RE: Question Apache Solr 7.7.0, 8.7 and 8.9 - log4j vulnerability
Posted by Manisha Rahatadkar <Ma...@AnjuSoftware.com>.
Hello all
We are using Apache Solr 7.7.0, 8.7 and 8.9 on Windows and Linux environment. What mitigation option do we need to take for this vulnerability?
Where to get the log4j2? Can we just replace the log4j* files in solr-8.7.0\server\lib\ext folder? Will it work?
https://solr.apache.org/security.html
Thank you in advance.
Regards
Manisha