Solr 6.6.3 and log4j 1.2.17 are not vulnerable. You do not need to change anything.
wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On Dec 30, 2021, at 12:39 AM, Iqrar Aminullah <iqrar.aminul...@xtremax.com> > wrote: > > > Hi, We are User of Solr 6.6.3 along with Sitecore. Currently my team decided > to remove the log4j 1.2.17 in Solr 6.6.3 to mitigate the recent vulnerability > issues. I created a Jira ticket, but David Smiley told me to send an email > instead. > > We tried to remove the Log4j library and place a Slf4j-jdk library onto the > Solr Application. So far there has been no problems on Solr. To make sure > that there is no problem, we decided to send this mail for advice. There are > two questions we want to ask. > 1. Will changing the library has an impact to the overall Solr performance? > 2. Is there anything we can do to make sure the Solr is not vulnerable > anymore by changing this library? > 3. I was told by David in his comment that JUL isn’t working good. Is there > any other logging library we can use aside from JUL for Solr 6.6.3? If there > is, do you have any instructions on how to use the other library? > > Thank you for your Advice > > Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows >
