Log4j2 is not a simple upgrade of log4j(1), in fact, it is a completely new library.
Although I'm not 100% sure about how Solr uses log4j, in most cases it is not a simple plug and play. If you are concerned about the 0-day vulnerability, see the link below. >From my understanding, the vulnerability only affected log4j2 https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 On Sat, Dec 11, 2021, 1:49 PM Woei Jong Yoon <woeij...@xtremax.com> wrote: > Hi All, > > Currently Solr version 6.6.3 are using log4j library with version 1.2.17. > > If we plan to update the log4j library version to 2.15 due the log4j > library is end of support. > > May we check that Solr 6.6.3 able to support it? > > Additional advice will be appreciated. > > Thank you. > > Regards, > Yoon Woei Jong > > > www.xtremax.com<http://www.xtremax.com/> l 114 Lavender Street > #08-93 CT Hub 2 Singapore 338729 > > > CONFIDENTIALITY NOTICE: > > The contents of this email message and any attachments are intended solely > for the addressee(s) and may contain confidential and/or privileged > information and may be legally protected from disclosure. If you are not > the intended recipient of this message or their agent, or if this message > has been addressed to you in error, please immediately alert the sender by > reply e-mail and then delete this message and any attachments. If you are > not the intended recipient, you are hereby notified that any use, > dissemination, copying, or storage of this message or its attachments is > strictly prohibited. >
