Re: Log4j < 2.15.0 may still be vulnerable even if -Dlog4j2.formatMsgNoLookups=true is set

2021-12-22 Thread Michael Schumann
That is the case here at Adobe. Even though we have multiple mitigations in place for Solr (configuration, Java 11), we will be required to upgrade to Log4J version 2.17.

From: Gus Heck
Reply-To: "dev@solr.apache.org"
Date: Tuesday, December 21, 2021 at 1:21 PM
To: "dev@solr.apache.org"
Subje

0-day Apache log4j RCE vulnerability

2021-12-10 Thread Michael Schumann
It looks like this affects Solr versions >= 7.4. Am I reading this correctly?

References:
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://help.aliyun.com/noticelist/articleid/1060971232.html