[
https://issues.apache.org/jira/browse/SOLR-15872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rajath Banagi Ravindra updated SOLR-15872:
------------------------------------------
Description:
Hi All,
Currently our application uses Solr 7.5 version which uses Log4j 2.11.0 in it.
It is vulnerable version of Log4J.
To avoid vulnerability, Can we just update Log4j JAR file(2.11.0 version) in
server/lib/ext folder with a new version of Log4J JAR file instead of updating
Solr. Will this work?
Regards-Rajath
was:
Hi All,
We are using Solr 7.5, currently it is using Log4j 2.11.0.
Can we just update Log4j JAR file(2.11.0 version) in server/lib/ext folder with
a new version of Log4J JAR file instead of updating Solr. Will this work?
Regards-Rajath
> Update Log4J JAR file
> ---------------------
>
> Key: SOLR-15872
> URL: https://issues.apache.org/jira/browse/SOLR-15872
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Rajath Banagi Ravindra
> Priority: Blocker
>
> Hi All,
> Currently our application uses Solr 7.5 version which uses Log4j 2.11.0 in
> it. It is vulnerable version of Log4J.
> To avoid vulnerability, Can we just update Log4j JAR file(2.11.0 version) in
> server/lib/ext folder with a new version of Log4J JAR file instead of
> updating Solr. Will this work?
> Regards-Rajath
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
