This is an automated email from the ASF dual-hosted git repository.
janhoy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/main by this push:
new 9d58b48 Clarify what docker versions are patched
new 1330065 Merge pull request #57 from janhoy/log4j-docker-only-supported
9d58b48 is described below
commit 9d58b480c29a93d9460b11de1dff1368c6a90f6d
Author: Jan Høydahl <[email protected]>
AuthorDate: Wed Dec 15 09:14:08 2021 +0100
Clarify what docker versions are patched
---
content/solr/security/2021-12-10-cve-2021-44228.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/solr/security/2021-12-10-cve-2021-44228.md
b/content/solr/security/2021-12-10-cve-2021-44228.md
index 522e447..6b5ecf9 100644
--- a/content/solr/security/2021-12-10-cve-2021-44228.md
+++ b/content/solr/security/2021-12-10-cve-2021-44228.md
@@ -19,7 +19,7 @@ Solr's Prometheus Exporter uses Log4J as well but it does not
log user input or
Any of the following are enough to prevent this vulnerability for Solr servers:
* Upgrade to `Solr 8.11.1` or greater (when available), which will include an
updated version of the Log4J dependency.
-* If you are using Solr's official docker image, no matter the version, it has
already been mitigated. You may need to re-pull the image.
+* If you are using Solr's official docker image, it has already been mitigated
in all versions listed as supported on Docker Hub:
<https://hub.docker.com/_/solr>. You may need to re-pull the image.
* Manually update the version of Log4J on your runtime classpath and restart
your Solr application.
* (Linux/MacOS) Edit your `solr.in.sh` file to include:
`SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"`
