log4j 1.x does not have the vulnerability, so you do not need to patch 6.6.3.
If you want a current, non-vulnerable log4j library, you will need to upgrade to Solr 8.11.1. wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On Dec 11, 2021, at 3:34 AM, Woei Jong Yoon <woeij...@xtremax.com> wrote: > > Hi All, > > Currently Solr version 6.6.3 are using log4j library with version 1.2.17. > > If we plan to update the log4j library version to 2.15 due the log4j library > is end of support. > > May we check that Solr 6.6.3 able to support it? > > Additional advice will be appreciated. > > Thank you. > > Regards, > Yoon Woei Jong > > > www.xtremax.com<http://www.xtremax.com/> l 114 Lavender Street #08-93 CT > Hub 2 Singapore 338729 > > > CONFIDENTIALITY NOTICE: > > The contents of this email message and any attachments are intended solely > for the addressee(s) and may contain confidential and/or privileged > information and may be legally protected from disclosure. If you are not the > intended recipient of this message or their agent, or if this message has > been addressed to you in error, please immediately alert the sender by reply > e-mail and then delete this message and any attachments. If you are not the > intended recipient, you are hereby notified that any use, dissemination, > copying, or storage of this message or its attachments is strictly prohibited.
