Hariprasad T created SOLR-16775:
-----------------------------------
Summary: Apache Log4j Remote Code Execution (RCE) Vulnerability
(Log4Shell) (Unauthenticated)
Key: SOLR-16775
URL: https://issues.apache.org/jira/browse/SOLR-16775
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Hariprasad T
Hi Team,
We have a Sitecore project of version 9.3 and we are using windows Solr 8.1.1.
We have this below Vulnerabilities,
*(a)* Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell)
(Unauthenticated)
*(b)* Apache Solr Affected By Apache Log4J Vulnerability (Log4Shell)
impacted on few of our servers. And below are the patch fix suggested by Solr
for this vulnerability.
*Reference URL:*
https://logging.apache.org/log4j/2.x/security.html "Log4j . Patch: Following
are links for downloading patches to fix the vulnerabilities:
https://logging.apache.org/log4j/2.x/download.html "Apache Log4j
*Impacted Server:*
Developer VM servers and few other servers.
*Comment:*
Please advise how to fix this vulnerabilities and where we have to make the
changes.
or it would be great if you can suggest any other solution to fix this
vulnerability.
Thanks in advance!
Best,
Hariprasad T
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
