Please see https://solr.apache.org/security.html [https://solr.apache.org/theme/images/solr_og_image.png?v=4dd59757]<https://solr.apache.org/security.html> Solr™ Security News - Apache Solr<https://solr.apache.org/security.html> Solr ™ Security News¶ How to report a security issue. If you believe you have discovered a vulnerability in Solr, you may first want to consult the list of known false positives to make sure you are reporting a real vulnerability. Then please disclose responsibly by following these ASF guidelines for reporting.. You may file your request by email to [email protected]. solr.apache.org To quote from there:
| Solr is not vulnerable to the followup CVE-2021-45046 and CVE-2021-45105. ________________________________ From: Ramila Herath <[email protected]> Sent: Thursday, 24 February 2022 05:25 To: [email protected] <[email protected]> Subject: Log4J DoS Vulnerability: CVE-2021-45105 External e-mail. Hi; Can this vulnerability to exploited in Solr 8.11.1? solr 8.11.1 has log4j 2.16 but I couldn’t find a log4j.properties files in the distribution setting a non-default layout pattern (with or without context lookup). Any idea when Solr would do a release with log4j 2.17.1? Thanks in advance Regards, Ramila Herath (he/him) Senior Software Architect | Experience Framework [cid:[email protected]]<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fifs.biz%2Fifs-website&data=04%7C01%7Cawi%40stibodx.com%7Cd13655ab142347de1f6908d9f75d56e0%7Cf3b7525342144a54b05256ac6906ae80%7C1%7C1%7C637812802529331817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=KcZey5X7kfMZwinScd1iufjHEmxgp7LzkD2QVAcLmRg%3D&reserved=0> +94 11 236 44 00 18th Floor, Orion Towers, 736, Dr. Danister De Silva Mawatha, Colombo 00900, SRI LANKA [cid:[email protected]]<https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fifs.biz%2Fifs-linkedin&data=04%7C01%7Cawi%40stibodx.com%7Cd13655ab142347de1f6908d9f75d56e0%7Cf3b7525342144a54b05256ac6906ae80%7C1%7C1%7C637812802529331817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=mlW%2BprNOc8PodHXmbqr6xTpKj1CjWuVWeuHt5H0G1xw%3D&reserved=0> [cid:[email protected]] <https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fifs.biz%2Fifs-twitter&data=04%7C01%7Cawi%40stibodx.com%7Cd13655ab142347de1f6908d9f75d56e0%7Cf3b7525342144a54b05256ac6906ae80%7C1%7C1%7C637812802529331817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=PZx36RzIv0ilseQ4fYOswd8RtBWQy57tk462kHMmRs4%3D&reserved=0> [A close up of a sign Description automatically generated] <https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fifs.biz%2Finstagram&data=04%7C01%7Cawi%40stibodx.com%7Cd13655ab142347de1f6908d9f75d56e0%7Cf3b7525342144a54b05256ac6906ae80%7C1%7C1%7C637812802529331817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=Uh9sMcSZn2BxM4tfWrU2zX5WcpYDbKeq%2Fz9yYjbNmrI%3D&reserved=0> [cid:[email protected]] <https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fifs.biz%2Findustry-analyst-research&data=04%7C01%7Cawi%40stibodx.com%7Cd13655ab142347de1f6908d9f75d56e0%7Cf3b7525342144a54b05256ac6906ae80%7C1%7C1%7C637812802529331817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=5xqk4rdvx2gQbP32iD9aQHv0l7enefdSi3gL9FRB8bY%3D&reserved=0> [A picture containing graphical user interface Description automatically generated]<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ifs.com%2Fcorp%2Fnews-and-events%2Fevents%2Fifs-cloud%2F%3Futm_campaign%3Difs%2Bcloud%2Blaunch%26utm_medium%3Demail%26utm_source%3Doutlook%2Bifs%2Bemail%2Bsignature%26utm_content%3Dmarch%2B2021%26utm_term%3D%26sc_camp%3D&data=04%7C01%7Cawi%40stibodx.com%7Cd13655ab142347de1f6908d9f75d56e0%7Cf3b7525342144a54b05256ac6906ae80%7C1%7C1%7C637812802529331817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=u1GcWbXc51Gjps9Xk%2FXchlQY2jWrbvigaTnxpeQKuM0%3D&reserved=0> [A picture containing shape Description automatically generated] <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ifs.com%2Fnews-and-events%2Fsustainability%2F%3Futm_campaign%3Dchange%2Bfor%2Bgood%26utm_medium%3Demail%26utm_source%3Difs.com%26utm_content%3Dsignature%26utm_term%3D%26sc_camp%3D&data=04%7C01%7Cawi%40stibodx.com%7Cd13655ab142347de1f6908d9f75d56e0%7Cf3b7525342144a54b05256ac6906ae80%7C1%7C1%7C637812802529331817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=yOrimvjyv8ysxmH2CWXr89Av%2FYwp3qj6dRn5wy8IxK8%3D&reserved=0> IFS World Operations AB is a private liability company registered in Sweden. Corporate identity number: 556040-6042. Registered office: Teknikringen 5, Box 1545, SE-581 15 Linköping. ________________________________ Confidentiality notice and disclaimer This e-mail is private and may contain confidential information. You must not use, disclose, or retain any of its content if you have received it in error: please notify its sender and then delete it. Any views or opinions expressed in this e-mail are strictly those of its author. We do not accept liability for the consequences of any data corruption, interception, tampering, or virus.
