Hi Aman, While checking I came across the below. Looks like 1.2.X is also affected so we upgraded the Log4J JAR file with V2.17.0, post upgrade solr is loading up fine and search related features are working fine.
But Logging is not working and even the logging page is not loading and even admin portal is not loading. Can anyone help me here. CVE-2021-4104<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvd.nist.gov%2Fvuln%2Fdetail%2FCVE-2021-4104&data=04%7C01%7CRajath.Ravindra2%40mindtree.com%7C517ee4cf9eff48c57d2308d9c476605a%7C85c997b9f49446b3a11d772983cf6f11%7C0%7C0%7C637756835006373319%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4c4oid2oRtl0h6bFuHz4ZBt1D5uxB6U499maE3bXUps%3D&reserved=0> (CVSS score: 8.1) - An untrusted deserialization flaw affecting Log4j version 1.2 (No fix available; Upgrade to version 2.17.0) Regards Rajath From: Aman Tandon <amantandon...@gmail.com> Sent: Wednesday, December 29, 2021 7:36 PM To: users@solr.apache.org; Rajath Banagi Ravindra <rajath.ravind...@mindtree.com> Subject: Re: Solr 6.6.1 Log4J fix * This e-mail originated outside of Mindtree. Exercise caution before clicking links or opening attachments * You should be safe with log4j1.x version On Wed, 29 Dec 2021, 16:01 Rajath Banagi Ravindra, <rajath.ravind...@mindtree.com.invalid<mailto:rajath.ravind...@mindtree.com.invalid>> wrote: Hi, Currently our application uses Solr 6.6.1 version which uses Log4j version 1.2.17 in it. Can we upgrade it to new version of Log4J. Can we just update Log4j JAR file(1.2.17 version) with a new version of Log4J JAR file instead of updating Solr. Will this work? Kindly confirm. Regards-Rajath ________________________________ http://www.mindtree.com/email/disclaimer.html<https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.mindtree.com%2Femail%2Fdisclaimer.html&data=04%7C01%7Crajath.ravindra2%40mindtree.com%7C37a569f7782641e1a76708d9cad45a0f%7C85c997b9f49446b3a11d772983cf6f11%7C0%7C0%7C637763836508353983%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ZLNN3%2Fyaypzbp3d3CUjNw67dtPvlbkU73ASFsjNnMkg%3D&reserved=0>
