[
https://issues.apache.org/jira/browse/SOLR-15872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl resolved SOLR-15872.
--------------------------------
Resolution: Information Provided
Yes that will work. Just download the 2.17.0 version of all the log4j-* jars
and replace them in your install. You can easily validate this on a dev
environment. Closing. Please use the
[us...@solr.apache.org|mailto:us...@solr.apache.org] mailing list for followup
discussions. Jira is only for bug reports.
> Update Log4J JAR file
> ---------------------
>
> Key: SOLR-15872
> URL: https://issues.apache.org/jira/browse/SOLR-15872
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Rajath Banagi Ravindra
> Priority: Blocker
>
> Hi All,
> Currently our application uses Solr 7.5 version which uses Log4j 2.11.0 in
> it. It is vulnerable version of Log4J.
> To avoid vulnerability, Can we just update Log4j JAR file(2.11.0 version) in
> server/lib/ext folder with a new version of Log4J JAR file instead of
> updating Solr. Will this work?
> Regards-Rajath
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
