You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@solr.apache.org by e_...@videotron.ca on 2021/12/15 12:40:11 UTC

Log4J saga (CVE-2021-45046)

Hi all,

Looks like we are not done with log4j security problems. Someone has recommendations about CVE-2021-45046?

Eric Briere

Re: Log4J saga (CVE-2021-45046)

Posted by Andy Lester <an...@petdance.com>.

> 
> Is there already an Idea when 8.11.1 is supposed to be released ?


This was discussed yesterday. Check the archives for the full explanation. 

Short version: can’t give a definite date but it will be no sooner than a week from now.

AW: Log4J saga (CVE-2021-45046)

Posted by Jens Viebig <je...@vitec.com>.

Is there already an Idea when 8.11.1 is supposed to be released ?


Jens Viebig
Software Developer
o: 
+49 4307 8358 0
f: 
+49 4307 8358 699
jens.viebig@vitec.com
www.vitec.com

Legal Notice
 Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this e-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents of this e-mail or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately. Neither VITEC S.A. (66 Avenue des Champs Elysées – 75008 Paris - France) nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. VITEC GmbH, Lise-Meitner-Str. 15, 24223 Schwentinental
 Geschäftsführer/Managing Director: Philippe Wetzel
 HRB Plön 1584 / Steuernummer: 2029706365 / VATnumber: DE134878603
-----Ursprüngliche Nachricht-----
Von: Rahul Goswami <ra...@gmail.com> 
Gesendet: Mittwoch, 15. Dezember 2021 13:58
An: users@solr.apache.org
Betreff: Re: Log4J saga (CVE-2021-45046)

We just upgraded to log4j2-2.16. It disables jndi lookups altogether by default.

-Rahul

On Wed, Dec 15, 2021 at 7:40 AM <e_...@videotron.ca> wrote:

> Hi all,
>
> Looks like we are not done with log4j security problems. Someone has 
> recommendations about CVE-2021-45046?
>
> Eric Briere
>

Re: Log4J saga (CVE-2021-45046)

Posted by Rahul Goswami <ra...@gmail.com>.

We just upgraded to log4j2-2.16. It disables jndi lookups altogether by
default.

-Rahul

On Wed, Dec 15, 2021 at 7:40 AM <e_...@videotron.ca> wrote:

> Hi all,
>
> Looks like we are not done with log4j security problems. Someone has
> recommendations about CVE-2021-45046?
>
> Eric Briere
>

Re: Log4J saga (CVE-2021-45046)

Posted by Walter Underwood <wu...@wunderwood.org>.

That is fixed in log4j 2.16.0, included in Solr 8.11.1.

wunder
Walter Underwood
wunder@wunderwood.org
http://observer.wunderwood.org/  (my blog)

> On Dec 15, 2021, at 4:40 AM, e_briere@videotron.ca wrote:
> 
> Hi all,
> 
> Looks like we are not done with log4j security problems. Someone has recommendations about CVE-2021-45046?
> 
> Eric Briere