Unless other attack vectors are found, which are now noted in that same
section if you are running through Tomcat.
On 12/10/21 2:22 PM, Rahul Goswami wrote:
In addition to the mitigation strategies mentioned on the Solr page, the
below blog post indicates that you should be protected if you are using
Java 11.0.1 and up
https://www.lunasec.io/docs/blog/log4j-zero-day/
On Fri, Dec 10, 2021 at 3:07 PM Mike Drob <md...@mdrob.com> wrote:
Solr is affected. Please see the statement at the
https://solr.apache.org/security.html page
On Fri, Dec 10, 2021 at 12:44 PM Walter Underwood <wun...@wunderwood.org>
wrote:
Does all Solr logging go through slf4j? If so, that should protect
against
this vulnerability.
If not, who has tested Solr with log4j 2.15.1?
We are running 8.8.2.
wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)
