We simply deleted the earlier versions of the log4j jars from the server/lib/ext folder and replaced them with 2.17.1 versions, and restarted Solr.
Works normally.

> On 11 Mar 2022, at 13:29, Heller, George A III CTR (USA)
> <george.a.heller2....@mail.mil.invalid> wrote:
>
> We have a Solr 8.11.1 installation we are getting ready to deploy to
> production.
> Our security people sent a finding that log4j 2.16.0 is vulnerable to a DOS
> attack so we either want to upgrade Solr to a newer release or upgrade log4j
> to 2.17.0.
> I see that there is no current release of Solr newer than 8.11.1 which we
> already have and I see some talk of an Apache log4j patch that will upgrade
> log4j to 2.17.0.
> I have not yet found a link to get the log4j patch or information on how to
> implement the upgrade.
>
> Any help on how to accomplish this would be greatly appreciated.
>
> Thanks,
> George Heller
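A check one could run after the jar swap described in the reply, as an added example that is not part of the original thread: it lists every `log4j-*.jar` in a directory whose file-name version is below 2.17.1. The function names, the `MIN_VERSION` variable and the jar names mentioned in comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag log4j jars older than a minimum version in one directory.
# Assumes jars are named <artifact>-<version>.jar and that `sort -V` is available
# (GNU coreutils, busybox).

# 2.17.1 is the version the reply above installed; override via the environment.
MIN_VERSION="${MIN_VERSION:-2.17.1}"

# version_lt A B: succeeds when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# stale_log4j_jars DIR: print one line per log4j-*.jar in DIR that is below
# MIN_VERSION or whose version cannot be read. Returns 1 if any line was printed.
stale_log4j_jars() {
    dir="$1"
    found=0
    for jar in "$dir"/log4j-*.jar; do
        [ -e "$jar" ] || continue            # glob matched nothing
        name="$(basename "$jar" .jar)"
        version="${name##*-}"                # text after the last hyphen
        case "$version" in
            [0-9]*.[0-9]*) ;;                # looks like a version number
            *) echo "UNKNOWN $(basename "$jar")"; found=1; continue ;;
        esac
        if version_lt "$version" "$MIN_VERSION"; then
            echo "STALE $version $(basename "$jar")"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: pass the directory to check, e.g. the server/lib/ext folder
# of the Solr installation.
if [ "$#" -gt 0 ]; then
    stale_log4j_jars "$1" || exit 1
fi
```

The check reads the version from the file name only, so it does not see log4j classes bundled inside other archives.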