As pointed out by the author of log4j 1.x, the library is not susceptible to this attack the way log4j2 is. https://github.com/apache/logging-log4j2/pull/608#issuecomment-991380319
So you should be good. Rahul On Sat, Dec 11, 2021 at 9:51 PM Reej Nayagam <reej...@gmail.com> wrote: > Hi All, > > In production we are using solr4 which uses log4j-1.2.17.jar. > > Can someone say the mitigation option for solr4 > > Thanks > Reej > -- > *Thanks,* > *Reej* >