Hi, We've implemented this step "Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class" from https://logging.apache.org/log4j/2.x/security.html for <solr_dir>/server/lib/ext.
We would like to check if <solr_dir>/contrib/prometheus-exporter/lib/log4j-core-2.13.2.jar needs to be mitigated in this manner as well, assuming two different solutions: 1) we use Prometheus for solr, and 2) we do not use Prometheus for solr? Kind regards, Eunice ________________________________ CONFIDENTIALITY: This email is intended solely for the person(s) named and may be confidential and/or privileged. If you are not the intended recipient, please delete it, notify us and do not copy, use, or disclose its contents. Towards a sustainable earth: Print only when necessary. Thank you.
