Solr 4 does NOT have the vulnerability. You do not have to do anything. From the Solr Security page:
2021-12-10, Apache Solr affected by Apache Log4J CVE-2021-44228 Severity: Critical Versions Affected: 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 https://solr.apache.org/security.html <https://solr.apache.org/security.html> Solr 4 is before Solr 7.4, so it is not affected by this problem. wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On Dec 11, 2021, at 8:28 PM, Reej Nayagam <reej...@gmail.com> wrote: > > Thank you for your reply. > > It mentions Dlog4j2 but with solr4 it is log4j1.2.17 > Can we use this command > > - -*Dlog4j2*.formatMsgNoLookups=true > > > On Sun, 12 Dec 2021 at 12:03 PM, Raveendra Yerraguntla > <raveend...@yahoo.com.invalid> wrote: > >> >> - -Dlog4j2.formatMsgNoLookups=true >> >> >> restart jvm with the above param and should work. >> >> >> >> >> >> On Saturday, December 11, 2021, 09:51:54 PM EST, Reej Nayagam < >> reej...@gmail.com> wrote: >> >> Hi All, >> >> In production we are using solr4 which uses log4j-1.2.17.jar. >> >> Can someone say the mitigation option for solr4 >> >> Thanks >> Reej >> -- >> *Thanks,* >> *Reej* >> > > -- > *Thanks,* > *Reej*
