On 12/30/2021 4:21 AM, Rajath Banagi Ravindra wrote:
> While checking I came across the below. Looks like 1.2.X is also affected so we
> upgraded the Log4J JAR file with V2.17.0, post upgrade Solr is loading up fine
> and search related features are working fine.
> But Logging is not working and even the logging page is not loading and even
> admin portal is not loading. Can anyone help me here?

There is no way in Solr 6.x to easily get the Logging tab of the admin
UI to work with Log4j2. The code that populates that part of the admin
UI was written very specifically for log4j 1.2.x. When Solr upgraded to
log4j2 in version 7.4.0, the part of the code that populates the Logging
tab of the admin UI had to be completely rewritten to use log4j2.

I would not have expected the rest of the admin UI to have any problems
with the upgrade you have performed, but I do not really know much about
the admin UI implementation, so I could be wrong.

To get logging to work on Solr 6.x with an upgraded log4j would require
providing log4j2.xml and telling Java about its location in the Solr
startup. You can also find an example config file and info about how to
tell Java about it by downloading the latest Solr version. You'll find
log4j2.xml, as well as the bin/solr and bin\solr.cmd scripts that should
help you modify the script in your current installation so the
log4j2.xml location is provided.

I think it's probably better to go back to log4j 1.2, though.

Log4j 1.2 is only vulnerable if you have it configured using the JMS
Appender. I do not have any knowledge about what JMS is, but I would
imagine that if you are using it, you would probably know. Have you
configured the logging for Solr to use JMS? That would be very much a
non-default configuration. Solr's out-of-the-box logging configuration
uses a different appender, not JMS.

Thanks,
Shawn
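
One way to answer the question in the reply above (is the log4j 1.2 configuration using the JMS Appender?) is to parse log4j.properties and report any appender whose class is org.apache.log4j.net.JMSAppender, along with the loggers that reference it. This is an added example, not part of the original thread or of Solr; the function names and both sample configurations are constructed for illustration.

```python
import re

JMS_CLASS = "org.apache.log4j.net.JMSAppender"
LOGGER_KEYS = ("log4j.rootLogger", "log4j.rootCategory", "log4j.logger.", "log4j.category.")

def parse_properties(text):
    """Minimal Java .properties reader: drops comments, joins '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continuation
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", pending + line)
        pending = ""
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def find_jms_appenders(text):
    """Map each JMSAppender name to the logger keys that attach it."""
    props = parse_properties(text)
    found = {}
    for key, value in props.items():
        name = key[len("log4j.appender."):]
        # Only 'log4j.appender.<name>' declares a class; deeper keys are options.
        if key.startswith("log4j.appender.") and "." not in name and value == JMS_CLASS:
            found[name] = []
    for key, value in props.items():
        if key.startswith(LOGGER_KEYS):
            # Logger value is 'LEVEL, appender1, appender2, ...'
            attached = {t.strip() for t in value.split(",")[1:]}
            for name in sorted(found.keys() & attached):
                found[name].append(key)
    return found

# Constructed samples: console/file appenders only, then one with JMS attached.
DEFAULT_STYLE = """\
log4j.rootLogger=INFO, file, CONSOLE
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.file=org.apache.log4j.RollingFileAppender
#log4j.appender.jms=org.apache.log4j.net.JMSAppender
"""
WITH_JMS = """\
log4j.rootLogger=INFO, \\
    jms
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=exampleTopic
"""
```

An empty result means no JMSAppender is declared in that file; a name with an empty logger list is declared but not attached to any logger.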