We have a Solr 8.11.1 installation we are getting ready to deploy to production.
Our security people sent a finding that log4js 2.16.0 is vulnerable to a DOS attack so we either want to upgrade Sole to a newer release or upgrade log4 to 2.17.0 I see that there is no current release of Solr newer than 8.11.1 which we already have and I see some talk of an Apache log4j patch that will upgrade log4js to 2.17.0. I have not yet found a link to get the log4j patch or information on how to implement the upgrade. Any help on how to accomplish this would be greatly appreciated. Thanks, George Heller
smime.p7s
Description: S/MIME cryptographic signature
