log4j 1.x does not have the vulnerability, so you do not need to patch 6.6.3.
If you want a current, non-vulnerable log4j library, you will need to upgrade
to Solr 8.11.1.
wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)
> On Dec 11, 2021, at 3:34 AM, Woe
Log4j2 is not a simple upgrade of log4j(1), in fact, it is a completely new
library.
Although I'm not 100% sure about how Solr uses log4j, in most cases it is
not a simple plug and play.
If you are concerned about the 0-day vulnerability, see the link below.
>From my understanding, the vulnerabi
Hi All,
Currently Solr version 6.6.3 are using log4j library with version 1.2.17.
If we plan to update the log4j library version to 2.15 due the log4j library is
end of support.
May we check that Solr 6.6.3 able to support it?
Additional advice will be appreciated.
Thank you.
Regards,
Yoon W
