Please do not create another JIRA, it is already committed, just waiting on the 8.11.2 release.
https://issues.apache.org/jira/browse/SOLR-15871 The suggestion across multiple threads in the users list has been to remove the log4j jar, and replace it with the 2.17.1 jar, which will pass security checks. On Wed, Mar 23, 2022 at 5:53 PM Ishan Chattopadhyaya < ichattopadhy...@gmail.com> wrote: > And feel free to open a new JIRA for this log4j upgrade, it will get picked > up in 8.11.2 (whenever someone gets time to release it). > > On Thu, Mar 24, 2022 at 3:18 AM Ishan Chattopadhyaya < > ichattopadhy...@gmail.com> wrote: > > > Here's the issue where Log4J was upgraded. You can look at the pull > > request there to find out what you need to change. After that, you can > > build your own Solr binaries for your use (fix in > > github.com/apache/lucene-solr's branch_8_11 and build using "ant > > ivy-bootstrap; cd solr; ant package" which will generate a .tgz file). > > https://issues.apache.org/jira/browse/SOLR-15843 > > > > On Thu, Mar 24, 2022 at 12:42 AM Andy Lester <a...@petdance.com> wrote: > > > >> Go to the https://solr.apache.org/security.html URL and you will find > >> instructions there on what to do. > >> > >> Andy > > > > >
