Hello, According to https://issues.apache.org/jira/browse/SOLR-15871, Solr is not affected by the latest CVEs. The main branch contains Log4j 2.17.1 in any case: https://github.com/apache/solr/pull/489.
Regards, On Mon, Jan 10, 2022 at 5:42 PM Flowerday, Matthew J < matthew.flower...@gb.unisys.com> wrote: > Hi There > > > > I notice that in solr 8.11.1 the version of log4j is 2.16 from the defect > > > > SOLR-15843: Update Log4J to 2.16 > > > > There is now a log4j version 2.17 and a version 2.17.1. Do any of the > fixes in these versions require fixes in solr or is solr 8.11.1 still ok? > > > > Many Thanks > > > > Matthew > > > > *Matthew Flowerday* | Consultant | ULEAF > > Unisys | 01908 774830| matthew.flower...@unisys.com > > Address Enigma | Wavendon Business Park | Wavendon | Milton Keynes | MK17 > 8LX > > > > [image: unisys_logo] <http://www.unisys.com/> > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all devices. > > [image: Grey_LI] <http://www.linkedin.com/company/unisys> [image: > Grey_TW] <http://twitter.com/unisyscorp> [image: Grey_YT] > <http://www.youtube.com/theunisyschannel>[image: Grey_FB] > <http://www.facebook.com/unisyscorp>[image: Grey_Vimeo] > <https://vimeo.com/unisys>[image: Grey_UB] <http://blogs.unisys.com/> > > > -- Damiano Albani
