You can download log4j at https://logging.apache.org/log4j/2.x/download.html
When replacing the jar files, you will also need to restart your services. On Tue, Dec 14, 2021 at 9:30 AM Manisha Rahatadkar < manisha.rahatad...@anjusoftware.com> wrote: > Hello all > > > > We are using Apache Solr 7.7.0, 8.7 and 8.9 on Windows and Linux > environment. What mitigation option do we need to take for this > vulnerability? > > Where to get the log4j2? Can we just replace the log4j* files in > solr-8.7.0\server\lib\ext folder? Will it work? > > > > https://solr.apache.org/security.html > > > > > > Thank you in advance. > > > > Regards > > Manisha > > > > > > *Confidentiality Notice ==================== This email message, including > any attachments, is for the sole use of the intended recipient and may > contain confidential and privileged information. Any unauthorized view, > use, disclosure or distribution is prohibited. If you are not the intended > recipient, please contact the sender by reply email and destroy all copies > of the original message. Anju Software, Inc. 4500 S. Lakeshore Drive, Suite > 620, Tempe, AZ USA 85282.* >
