On 12/15/21 11:53 AM, Scott Derrick wrote:
I find these files in my solr install
./server/lib/ext/log4j-core-2.11.0.jar
./server/lib/ext/log4j-1.2-api-2.11.0.jar
./server/lib/ext/log4j-api-2.11.0.jar
./server/lib/ext/log4j-slf4j-impl-2.11.0.jar
./contrib/prometheus-exporter/lib/log4j-core-2.11.0
That should be sufficient based on our current understanding of the
situation, yes.
On Wed, Dec 15, 2021 at 12:53 PM Scott Derrick wrote:
> I find these files in my solr install
>
> ./server/lib/ext/log4j-core-2.11.0.jar
> ./server/lib/ext/log4j-1.2-api-2.11.0.jar
> ./server/lib/ext/log4j-api-2.
I find these files in my solr install
./server/lib/ext/log4j-core-2.11.0.jar
./server/lib/ext/log4j-1.2-api-2.11.0.jar
./server/lib/ext/log4j-api-2.11.0.jar
./server/lib/ext/log4j-slf4j-impl-2.11.0.jar
./contrib/prometheus-exporter/lib/log4j-core-2.11.0.jar
./contrib/prometheus-exporter/lib/log4j
I would also encourage you to do the upgrade first on QA/Staging rather
than directly on production, where possible.
This could prevent nasty binary incompatibilities where the Solr build
expects certain methods from the compiled log4j library, that mismatch with
the upgraded jar.
And a crashed off
On 2021-12-15 11:06 AM, Shawn Heisey wrote:
...
I did an experiment, replacing the bin/solr script in 6.6.6 with the
bin/solr script from 8.11.0 ... although I have not done extensive
testing, this appears to work. It was able to start Solr, and was also
able to start the cloud example, with "
On 12/15/21 9:14 AM, Shawn Heisey wrote:
I am in the process of downloading 6.6.6 so I can do some testing.
Transfer speed from archive.apache.org is terrible, I should be done
with the download in about 15 minutes.
Out of the box, Solr 6.6.6 refuses to start with Java 11. It actually
r
On 12/15/21 7:01 AM, Steven White wrote:
Does anyone know if Solr 3.6.1 supports FIPS 140-2?
Solr 3.6.1 was announced on July 22, 2012. Over nine years ago. At that
time, Solr itself didn't have any kind of encryption capability. If you
want to enable encryption for that version of Solr, yo
On 12/15/21 9:41 AM, Ing. Andrea Vettori wrote:
Hello, is it safe to simply replace the jars in the solr lib/ext folder with
version 2.16 or are they hardcoded in scripts or meta-inf files ?
This appears to work correctly if the original version of log4j included
was 2.14.1. I have done thi
Hello, is it safe to simply replace the jars in the solr lib/ext folder with
version 2.16 or are they hardcoded in scripts or meta-inf files ?
Thanks
—
Ing. Andrea Vettori
Responsabile Sistemi Informativi
B2BIres s.r.l.
> On 15 Dec 2021, at 17:32, Shawn Heisey wrote:
>
> On 12/14/21 10:55 PM,
That is fixed in log4j 2.16.0, included in Solr 8.11.1.
wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)
> On Dec 15, 2021, at 4:40 AM, e_bri...@videotron.ca wrote:
>
> Hi all,
>
> Looks like we are not done with log4j security problems. Someone has
> re
On 12/14/21 10:55 PM, Soh Jia Yu, Eunice wrote:
We've implemented this step "Otherwise, remove the JndiLookup class from the classpath:
zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class" from
https://logging.apache.org/log4j/2.x/security.html for /server/lib/ext.
On 12/15/21 12:57 AM, Bernd Fehling wrote:
To get away from the Oracle License by switching from Java 8 to
OpenJDK 8, do you have any observations or measurements?
What I have seen says that OpenJDK 8 is solid. In the last few years, I
have not had first-hand access to large-scale Solr insta
Hi,
We've implemented this step "Otherwise, remove the JndiLookup class from the
classpath: zip -q -d log4j-core-*.jar
org/apache/logging/log4j/core/lookup/JndiLookup.class" from
https://logging.apache.org/log4j/2.x/security.html for
/server/lib/ext.
We would like to check if
/contrib/promet
Keep in mind that you can have more than one log4j-core-*.jar to patch.
In my case:
/opt/solr-8.4.0/server/lib/ext/log4j-core-2.11.2.jar
/opt/solr-8.4.0/contrib/prometheus-exporter/lib/log4j-core-2.11.2.jar
Thomas
Op wo 15 dec. 2021 om 13:52 schreef Bernd Fehling <
bernd.fehl...@uni-bielefeld.de
>
> Is there already an Idea when 8.11.1 is supposed to be released ?
This was discussed yesterday. Check the archives for the full explanation.
Short version: can’t give a definite date but it will be no sooner than a week
from now.
Hi everyone,
Does anyone know if Solr 3.6.1 supports FIPS 140-2?
Thanks
Steve
Is there already an Idea when 8.11.1 is supposed to be released ?
Jens Viebig
Software Developer
o:
+49 4307 8358 0
f:
+49 4307 8358 699
jens.vie...@vitec.com
www.vitec.com
Legal Notice
Unless expressly stated otherwise, this message is confidential and may be
privileged. It is intended for th
Thanks,
We still used LRUCache in our config which seems to be deprecated, updating the
config to use CaffeineCache seems to do the trick.
Best Regards
Jens
Jens Viebig
Software Developer
o:
+49 4307 8358 0
f:
+49 4307 8358 699
jens.vie...@vitec.com
www.vitec.com
Legal Notice
Unless expressl
We just upgraded to log4j2-2.16. It disables jndi lookups altogether by
default.
-Rahul
On Wed, Dec 15, 2021 at 7:40 AM wrote:
> Hi all,
>
> Looks like we are not done with log4j security problems. Someone has
> recommendations about CVE-2021-45046?
>
> Eric Briere
>
Isn't the example with "zip -q -d ..." as reported in the CVE not working for
you?
Regards
Bernd
Am 15.12.21 um 13:40 schrieb e_bri...@videotron.ca:
Hi all,
Looks like we are not done with log4j security problems. Someone has
recommendations about CVE-2021-45046?
Eric Briere
Hi all,
Looks like we are not done with log4j security problems. Someone has
recommendations about CVE-2021-45046?
Eric Briere
Hello, Jens.
Have you considered turning async=true for the cache?
On Wed, Dec 15, 2021 at 1:49 PM Jens Viebig wrote:
> Hi List,
> Since upgrading from solr 8.8.2 to 8.11.0 we get the following error
> message:
>
> Using join queries with synchronous filterCache is not supported! Details
> can b
Hi List,
Since upgrading from solr 8.8.2 to 8.11.0 we get the following error message:
Using join queries with synchronous filterCache is not supported! Details can
be found in Solr Reference Guide under 'query-settings-in-solrconfig'.
Looking at the commit history this was recently added:
https
Dear solr community,
I would like to create two users in solr: An admin and a dev.
The dev should not be able to edit the solr metadata. This user should
not be able to use solr.add or solr delete, I would like him only to be
able to use solr.search for our metadata solr-core (in python pysolr)
To unsubscribe, see https://solr.apache.org/community.html#mailing-lists-chat
Jan
> 15. des. 2021 kl. 04:30 skrev John Eberly :
>
> unsubscribe
>
>
> On Mon, Dec 13, 2021 at 8:53 AM Walter Underwood
> wrote:
>
>> Zookeeper 3.5.7 uses log4j 1.x, so is not vulnerable. I checked.
>>
>> wunder
25 matches
Mail list logo
