Hi, I have a support question and was wondering if you can please help me.
I have Sorl version 6.3, I am trying to understand if I am vulnerable to the log4j issue. Solr(tm) Security News - Apache Solr<https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228> I looked on your site and it says "Description: Apache Solr releases prior to 8.11.1 were using a bundled version of the Apache Log4J library vulnerable to RCE. For full impact and additional detail consult the Log4J security page. Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through 7.3) use Log4J 1.2.17 which may be vulnerable for installations using non-default logging configurations that include the JMS Appender,". Can you please help me understand this. This means I am NOT vulnerable to the log4j issue? What does this mean exactly? "which may be vulnerable for installations using non-default logging configurations that include the JMS Appender? Thank you [cid:[email protected]]
