On 12/30/2021 1:39 AM, Iqrar Aminullah wrote:
Hi, We are User of Solr 6.6.3 along with Sitecore. Currently my team decided to remove the log4j 1.2.17 in Solr 6.6.3 to mitigate the recent vulnerability issues. I created a Jira ticket, but David Smiley told me to send an email instead.
As Walter has stated, Solr 6.x is not vulnerable to any of the log4j vulnerabilities.
The only way it would be vulnerable is if you have changed the log4j config so it uses the JMS Appender. Have you done that? If not, then your 6.6.3 installation is not vulnerable.
Thanks, Shawn
