Thank you for the reply. *Thanks,* *Reej*
On Sun, Dec 12, 2021 at 12:38 PM Walter Underwood <wun...@wunderwood.org> wrote: > Solr 4 does NOT have the vulnerability. You do not have to do anything. > > From the Solr Security page: > > 2021-12-10, Apache Solr affected by Apache Log4J CVE-2021-44228 > > Severity: Critical > > Versions Affected: 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 > > https://solr.apache.org/security.html < > https://solr.apache.org/security.html> > > Solr 4 is before Solr 7.4, so it is not affected by this problem. > > wunder > Walter Underwood > wun...@wunderwood.org > http://observer.wunderwood.org/ (my blog) > > > On Dec 11, 2021, at 8:28 PM, Reej Nayagam <reej...@gmail.com> wrote: > > > > Thank you for your reply. > > > > It mentions Dlog4j2 but with solr4 it is log4j1.2.17 > > Can we use this command > > > > - -*Dlog4j2*.formatMsgNoLookups=true > > > > > > On Sun, 12 Dec 2021 at 12:03 PM, Raveendra Yerraguntla > > <raveend...@yahoo.com.invalid> wrote: > > > >> > >> - -Dlog4j2.formatMsgNoLookups=true > >> > >> > >> restart jvm with the above param and should work. > >> > >> > >> > >> > >> > >> On Saturday, December 11, 2021, 09:51:54 PM EST, Reej Nayagam < > >> reej...@gmail.com> wrote: > >> > >> Hi All, > >> > >> In production we are using solr4 which uses log4j-1.2.17.jar. > >> > >> Can someone say the mitigation option for solr4 > >> > >> Thanks > >> Reej > >> -- > >> *Thanks,* > >> *Reej* > >> > > > > -- > > *Thanks,* > > *Reej* > >
