mario-canva commented on pull request #454: URL: https://github.com/apache/solr/pull/454#issuecomment-993998543
The [Apache log4j security advisory](https://logging.apache.org/log4j/2.x/security.html) was updated recently, stating that the flag `-Dlog4j2.formatMsgNoLookups=true` is not a sufficient mitigation for log4j versions below 2.15.0, which is the case for Solr 7.7.3 and below, so the [Solr advisory](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) also needs to be updated.

What other possible mitigations can we use for Solr 7.7.3? Is there any chance of getting a patch for this version as well? I know it is stated to be [out of maintenance](https://github.com/apache/solr/pull/454#issuecomment-990987372), but a patch would really go a long way in helping people to mitigate this vulnerability. Let me know if creating a PR helps in getting a patch moving and I will raise one.