[jira] [Commented] (SOLR-15843) Update Log4J dependency

Houston Putman (Jira) Fri, 10 Dec 2021 08:16:42 -0800


    [ 
https://issues.apache.org/jira/browse/SOLR-15843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457240#comment-17457240
 ]


Houston Putman commented on SOLR-15843:
---------------------------------------

The CVE is now listed on the security page, thanks Mike!

https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228-jndi-features-do-not-protect-against-attacker-controlled-ldap-and-other-jndi-related-endpoints

> Update Log4J dependency
> -----------------------
>
>                 Key: SOLR-15843
>                 URL: https://issues.apache.org/jira/browse/SOLR-15843
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Mike Drob
>            Assignee: Mike Drob
>            Priority: Critical
>             Fix For: 9.0, 8.11.1
>
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> Log4j 2.15 is about to be released, we should update when it is available.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[jira] [Commented] (SOLR-15843) Update Log4J dependency

Reply via email to