Re: Reg CVE 2021-44832

On 9/5/23 23:10, ramkrishna vasudevan wrote: Clearly says this vulnerability is not affected in 7.4 to 8.11.1 but the affected components are 'log4j-core-2.14.1.jar, log4j-core-2.16.0.jar'. So does that mean that if we are with log4j-core-2.17.0.jar then this vulnerability needs to be fixed? Or

Reg CVE 2021-44832

Hi All, We are internally using Solr 7.5. As part of the zero day log4j vulnerability we already moved the log4j to 2.17.0 version in the solr component. Now the tools that we run internally flags CVE-2021-44832 . But the Solr security page https:/