Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15871

Update Log4J2 version to 2.17.1

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 9.0, 8.11.2
    • None
    • None

    Description

      Upgrade log4j even if Solr is not affected by the latest CVE. Main reason to upgrade is so that the next Solr release will no longer produce false positives in primitive security scanner tools for log4j.

      Original report:

      High security vulnerability in Log4J - CVE-2021-45105 bundled with Solr 
      https://nvd.nist.gov/vuln/detail/CVE-2021-45105

      Attachments

        Issue Links

        is duplicated by

        Task - A task that needs to be done. SOLR-15900 Upgrade log4j to 2.17.1

        • Critical - Crashes, loss of data, severe memory leak.
        • Resolved

        Task - A task that needs to be done. SOLR-15889 Upgrade to Log4j 2.17.1

        • Major - Major loss of function.
        • Resolved
        links to

        Web Link GitHub Pull Request #489

        Web Link GitHub Pull Request #2635

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            janhoy Jan Høydahl
            weidong weidong
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 20m
                20m

                Slack

                  Issue deployment