Hi, We are User of Solr 6.6.3 along with Sitecore. Currently my team decided to remove the log4j 1.2.17 in Solr 6.6.3 to mitigate the recent vulnerability issues. I created a Jira ticket, but David Smiley told me to send an email instead.
We tried to remove the Log4j library and place a Slf4j-jdk library onto the Solr Application. So far there has been no problems on Solr. To make sure that there is no problem, we decided to send this mail for advice. There are two questions we want to ask. 1. Will changing the library has an impact to the overall Solr performance? 2. Is there anything we can do to make sure the Solr is not vulnerable anymore by changing this library? 3. I was told by David in his comment that JUL isn’t working good. Is there any other logging library we can use aside from JUL for Solr 6.6.3? If there is, do you have any instructions on how to use the other library? Thank you for your Advice Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows
