Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15871

Update Log4J2 version to 2.17.1

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 9.0, 8.11.2
    • None
    • None

    Description

      Upgrade log4j even if Solr is not affected by the latest CVE. Main reason to upgrade is so that the next Solr release will no longer produce false positives in primitive security scanner tools for log4j.

      Original report:

      High security vulnerability in Log4J - CVE-2021-45105 bundled with Solr 
      https://nvd.nist.gov/vuln/detail/CVE-2021-45105

      Attachments

        Issue Links

          is duplicated by

          Task - A task that needs to be done. SOLR-15900 Upgrade log4j to 2.17.1

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Task - A task that needs to be done. SOLR-15889 Upgrade to Log4j 2.17.1

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #489

          Web Link GitHub Pull Request #2635

          Activity

            People

              janhoy Jan Høydahl
              weidong weidong
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m