uschindler commented on pull request #454: URL: https://github.com/apache/solr/pull/454#issuecomment-991006777
> Release notes or the security page on the site (or both?) > > Solr 7 is affected but AFAICT Solr 5 and 6 are not because they use log4j 1.2.17 I would maybe do both. Let's add a notice with the fix to our news list (under security) and add the release note later when we publish a release. In addition, depending on your configuration (not the default), log4j v1 is also affected. Theres a special appender doing the same style of JNDI stuff: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
