[GitHub] [solr] mario-canva commented on pull request #454: SOLR-15843 Update Log4J to 2.15

2021-12-14 Thread GitBox
mario-canva commented on pull request #454: URL: https://github.com/apache/solr/pull/454#issuecomment-994146862 Understood. I still think it pays off being a bit conservative here, it is a critical CVE after all and the log4j team stated other attack vectors may be possible (beyond the ones t

[GitHub] [solr] mario-canva commented on pull request #454: SOLR-15843 Update Log4J to 2.15

2021-12-14 Thread GitBox
mario-canva commented on pull request #454: URL: https://github.com/apache/solr/pull/454#issuecomment-994124565 Thanks @uschindler appreciate the quick response! However, their advisory also states other attack vectors may be possible:

[GitHub] [solr] mario-canva commented on pull request #454: SOLR-15843 Update Log4J to 2.15

2021-12-14 Thread GitBox
mario-canva commented on pull request #454: URL: https://github.com/apache/solr/pull/454#issuecomment-993998543 The [Apache log4j security advisory](https://logging.apache.org/log4j/2.x/security.html) was updated recently stating the flag `-Dlog4j2.formatMsgNoLookups=true` is not a suffic