This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 822b421 Automatic Site Publish by Buildbot
822b421 is described below
commit 822b4212fe2313ebad68873b929a34b759d0285b
Author: buildbot <[email protected]>
AuthorDate: Fri Dec 10 22:44:02 2021 +0000
Automatic Site Publish by Buildbot
---
output/feeds/all.atom.xml | 2 +-
output/feeds/solr/security.atom.xml | 2 +-
output/news.html | 2 +-
output/security.html | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index 4303c64..4ac08bc 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -10,7 +10,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.0 (i.e. all Solr 5 and Solr 6
releases) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations. To determine you if you are vulnerable
please consult the Log4J security page.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately
affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index a1c7a99..55b8116 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -10,7 +10,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.0 (i.e. all Solr 5 and Solr 6
releases) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations. To determine you if you are vulnerable
please consult the Log4J security page.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately
affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
diff --git a/output/news.html b/output/news.html
index 6f665f4..9e6f262 100644
--- a/output/news.html
+++ b/output/news.html
@@ -141,7 +141,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.0 (i.e. all Solr 5 and Solr 6 releases) use
log4j 1.2.17 which may be vulnerable for installations using non-default
logging configurations. To determine you if you are vulnerable please consult
the Log4J security page.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
diff --git a/output/security.html b/output/security.html
index f55040f..66b0a4b 100644
--- a/output/security.html
+++ b/output/security.html
@@ -225,7 +225,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.0 (i.e. all Solr 5 and Solr 6 releases) use
log4j 1.2.17 which may be vulnerable for installations using non-default
logging configurations. To determine you if you are vulnerable please consult
the Log4J security page.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
