[solr-site] branch main updated: Log4j: Solr's docker images are mitigated. (#54)

Mon, 13 Dec 2021 16:43:11 -0800 

This is an automated email from the ASF dual-hosted git repository.

dsmiley pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-site.git


The following commit(s) were added to refs/heads/main by this push:
     new ef48ede  Log4j: Solr's docker images are mitigated. (#54)
ef48ede is described below

commit ef48ede301c3bd532b236ce2847a6e15665b7c8c
Author: David Smiley <[email protected]>
AuthorDate: Mon Dec 13 19:43:00 2021 -0500

    Log4j: Solr's docker images are mitigated. (#54)
---
 content/solr/security/2021-12-10-cve-2021-44228.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/content/solr/security/2021-12-10-cve-2021-44228.md 
b/content/solr/security/2021-12-10-cve-2021-44228.md
index e34e6f9..98e786e 100644
--- a/content/solr/security/2021-12-10-cve-2021-44228.md
+++ b/content/solr/security/2021-12-10-cve-2021-44228.md
@@ -19,6 +19,7 @@ The Prometheus Exporter Contrib is similarly separately 
affected.
 Any of the following are enough to prevent this vulnerability for Solr servers:
 
 * Upgrade to `Solr 8.11.1` or greater (when available), which will include an 
updated version of the log4j2 dependency.
+* If you are using Solr's official docker image, no matter the version, it has 
already been mitigated.  You may need to re-pull the image.
 * Manually update the version of log4j2 on your runtime classpath and restart 
your Solr application.
 * (Linux/MacOS) Edit your `solr.in.sh` file to include:
   `SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"`
@@ -29,6 +30,7 @@ Any of the following are enough to prevent this vulnerability 
for Solr servers:
 The vulnerability in the Prometheus Exporter Contrib can be mitigated by any 
of the following:
 
 * Upgrade to `Solr 8.11.1` or greater (when available), which will include an 
updated version of the log4j2 dependency.
+* If you are using Solr's official docker image, no matter the version, it has 
already been mitigated.  You may need to re-pull the image.
 * Manually update the version of log4j2 on your runtime classpath and restart 
your Solr application.
 * Edit your `solr-exporter` script to include:
   `JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"`

Reply via email to