[ https://issues.apache.org/jira/browse/SOLR-15872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl resolved SOLR-15872. -------------------------------- Resolution: Information Provided Yes that will work. Just download the 2.17.0 version of all the log4j-* jars and replace them in your install. You can easily validate this on a dev environment. Closing. Please use the [us...@solr.apache.org|mailto:us...@solr.apache.org] mailing list for followup discussions. Jira is only for bug reports. > Update Log4J JAR file > --------------------- > > Key: SOLR-15872 > URL: https://issues.apache.org/jira/browse/SOLR-15872 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Rajath Banagi Ravindra > Priority: Blocker > > Hi All, > Currently our application uses Solr 7.5 version which uses Log4j 2.11.0 in > it. It is vulnerable version of Log4J. > To avoid vulnerability, Can we just update Log4j JAR file(2.11.0 version) in > server/lib/ext folder with a new version of Log4J JAR file instead of > updating Solr. Will this work? > Regards-Rajath -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org