This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 48a83ea Automatic Site Publish by Buildbot
48a83ea is described below
commit 48a83ead0da6ccdeddadb7e56a341ea54da42b70
Author: buildbot <[email protected]>
AuthorDate: Sat Dec 11 00:47:12 2021 +0000
Automatic Site Publish by Buildbot
---
output/feeds/all.atom.xml | 2 +-
output/feeds/solr/security.atom.xml | 2 +-
output/news.html | 2 +-
output/security.html | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index 4ac08bc..7a9fb08 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -10,7 +10,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126">https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately
affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index 55b8116..3324b2e 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -10,7 +10,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126">https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately
affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
diff --git a/output/news.html b/output/news.html
index 9e6f262..2a9f0d3 100644
--- a/output/news.html
+++ b/output/news.html
@@ -141,7 +141,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126";>https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
diff --git a/output/security.html b/output/security.html
index 66b0a4b..7ba1b7b 100644
--- a/output/security.html
+++ b/output/security.html
@@ -225,7 +225,7 @@ Critical</p>
7.4.0 to 7.7.3, 8.0.0 to 8.11.0</p>
<p><strong>Description:</strong>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
-<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 for
discussion.</p>
+<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use log4j 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126";>https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>The Prometheus Exporter Contrib is similarly separately affected.</p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
