I did not double check the exact version you are using. My comment about swapping libs with slf4j is valid in general.
However, you should be aware that both solr 6.x and log4j 1 are end of life and vulnerable in other ways, so an upgrade should be considered anyway. SiteCore can likely be made to work with newer Solr versions than the ones listed as “supported”, with some tweaks to the schema. Jan Høydahl > 1. jan. 2022 kl. 18:48 skrev Walter Underwood <wun...@wunderwood.org>: > > Solr 6.6.3 and log4j 1.2.17 are not vulnerable. You do not need to change > anything. > > wunder > Walter Underwood > wun...@wunderwood.org > http://observer.wunderwood.org/ (my blog) > >> On Dec 30, 2021, at 12:39 AM, Iqrar Aminullah <iqrar.aminul...@xtremax.com> >> wrote: >> >> >> Hi, We are User of Solr 6.6.3 along with Sitecore. Currently my team decided >> to remove the log4j 1.2.17 in Solr 6.6.3 to mitigate the recent >> vulnerability issues. I created a Jira ticket, but David Smiley told me to >> send an email instead. >> >> We tried to remove the Log4j library and place a Slf4j-jdk library onto the >> Solr Application. So far there has been no problems on Solr. To make sure >> that there is no problem, we decided to send this mail for advice. There are >> two questions we want to ask. >> 1. Will changing the library has an impact to the overall Solr performance? >> 2. Is there anything we can do to make sure the Solr is not vulnerable >> anymore by changing this library? >> 3. I was told by David in his comment that JUL isn’t working good. Is there >> any other logging library we can use aside from JUL for Solr 6.6.3? If there >> is, do you have any instructions on how to use the other library? >> >> Thank you for your Advice >> >> Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows >> >
