nosvalds commented on issue #384: URL: https://github.com/apache/solr-operator/issues/384#issuecomment-993637415
Does anyone know if the `SolrPrometheusExporter` resource is also affected? This line from the [newspost](https://solr.apache.org/news.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) on the Solr website made me think it could be: > The vulnerability in the Prometheus Exporter Contrib can be mitigated by any of the following: > - Upgrade to Solr 8.11.1 or greater (when available), which will include an updated version of the log4j2 dependency. >- Manually update the version of log4j2 on your runtime classpath and restart your Solr application. >- Edit your solr-exporter script to include: JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true" >- Follow any of the other mitgations listed at https://logging.apache.org/log4j/2.x/security.html It doesn't look like `spec.solrOpts` or `spec.javaOpts`is available on the `SolrPrometheusExporter`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
