[jira] [Resolved] (SOLR-15900) Upgrade log4j to 2.17.1

Jira Fri, 07 Jan 2022 01:52:09 -0800


     [ 
https://issues.apache.org/jira/browse/SOLR-15900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jan Høydahl resolved SOLR-15900.
--------------------------------
    Resolution: Duplicate

Please search before opening a JIRA. Closing as duplicate of SOLR-15871 and 
SOLR-15889

> Upgrade log4j to 2.17.1
> -----------------------
>
>                 Key: SOLR-15900
>                 URL: https://issues.apache.org/jira/browse/SOLR-15900
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: logging
>    Affects Versions: 8.11.1
>            Reporter: Rahul Verma
>            Priority: Critical
>
> We should update to Log4j 2.17.1 to address 
> [CVE-2021-44832|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832]:
>  Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls 
> configuration.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (SOLR-15900) Upgrade log4j to 2.17.1

Reply via email to