On 2/23/2022 9:25 PM, Ramila Herath wrote:
Can this vulnerability to exploited in Solr 8.11.1? solr 8.11.1 has
log4j 2.16 but I couldn’t find a log4j.properties files in the
distribution setting a non-default layout pattern (with or without
context lookup). Any idea when Solr would do a release
ail to secur...@solr.apache.org.
solr.apache.org
To quote from there:
| Solr is not vulnerable to the followup CVE-2021-45046 and CVE-2021-45105.
From: Ramila Herath
Sent: Thursday, 24 February 2022 05:25
To: users@solr.apache.org
Subject: Log4J DoS Vulnerability: CV
Hi;
Can this vulnerability to exploited in Solr 8.11.1? solr 8.11.1 has log4j 2.16
but I couldn't find a log4j.properties files in the distribution setting a
non-default layout pattern (with or without context lookup). Any idea when Solr
would do a release with log4j 2.17.1?
Thanks in advance
