This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/solr-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 8902298 Automatic Site Publish by Buildbot
8902298 is described below
commit 890229814c129f9a78355a17384022eb0125a91c
Author: buildbot <[email protected]>
AuthorDate: Thu Dec 23 14:06:51 2021 +0000
Automatic Site Publish by Buildbot
---
output/feeds/all.atom.xml | 2 +-
output/feeds/solr/security.atom.xml | 2 +-
output/news.html | 2 +-
output/security.html | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index 87f074b..76817a8 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -59,7 +59,7 @@ Critical</p>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use Log4J 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126">https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>Solr's Prometheus Exporter uses Log4J as well but it does not log
user input or data, so we don't see a risk there.</p>
-<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and
<strong>CVE-2021-45105</strong>. A listing of these and other CVEs
with some justifications are listed in Solr's wiki:
https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</p>
+<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and
<strong>CVE-2021-45105</strong>. A listing of these and other CVEs
with some justifications are listed in Solr's wiki: <a
href="https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools">https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</a>
[...]
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
<ul>
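Review bot: The added sentence in this hunk still reads "A listing of these and other CVEs with some justifications are listed in Solr's wiki", which is redundant ("listing ... listed") and mismatches subject and verb. Since the line is being rewritten to add the link anyway, consider "These and other CVEs, with justifications, are listed in Solr's wiki", and spell "followup" as "follow-up".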
diff --git a/output/feeds/solr/security.atom.xml
b/output/feeds/solr/security.atom.xml
index 987daa7..52e9d2a 100644
--- a/output/feeds/solr/security.atom.xml
+++ b/output/feeds/solr/security.atom.xml
@@ -33,7 +33,7 @@ Critical</p>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7
through 7.3) use Log4J 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126">https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>Solr's Prometheus Exporter uses Log4J as well but it does not log
user input or data, so we don't see a risk there.</p>
-<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and
<strong>CVE-2021-45105</strong>. A listing of these and other CVEs
with some justifications are listed in Solr's wiki:
https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</p>
+<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and
<strong>CVE-2021-45105</strong>. A listing of these and other CVEs
with some justifications are listed in Solr's wiki: <a
href="https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools">https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</a>
[...]
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
<ul>
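Review bot: The added paragraph is cut at "[...]" in this hunk, so the closing </a></p> cannot be confirmed here, unlike in the output/news.html hunk where it is visible. Check that the generated security.atom.xml entry closes the anchor and the paragraph the same way before the "Mitigation:" paragraph starts, since an unclosed tag inside feed entry content can break rendering in feed readers.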
diff --git a/output/news.html b/output/news.html
index dd7e9b8..b8663ef 100644
--- a/output/news.html
+++ b/output/news.html
@@ -192,7 +192,7 @@ Critical</p>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use Log4J 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126">https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>Solr's Prometheus Exporter uses Log4J as well but it does not log user
input or data, so we don't see a risk there.</p>
-<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and <strong>CVE-2021-45105</strong>. A listing
of these and other CVEs with some justifications are listed in Solr's wiki:
https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</p>
+<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and <strong>CVE-2021-45105</strong>. A listing
of these and other CVEs with some justifications are listed in Solr's wiki: <a
href="https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools">https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</a></p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
<ul>
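Review bot: The new anchor uses the full wiki URL as its link text, which puts a long unbreakable string into the advisory paragraph. A short label taken from the fragment, such as "Solr and Vulnerability Scanning Tools", with the URL kept only in href, would read better on the news page and wrap cleanly on narrow screens.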
diff --git a/output/security.html b/output/security.html
index 6cc277a..85e5f74 100644
--- a/output/security.html
+++ b/output/security.html
@@ -248,7 +248,7 @@ Critical</p>
Apache Solr releases prior to 8.11.1 were using a bundled version of the
Apache Log4J library vulnerable to RCE. For full impact and additional detail
consult the Log4J security page.</p>
<p>Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 through
7.3) use Log4J 1.2.17 which may be vulnerable for installations using
non-default logging configurations that include the JMS Appender, see <a
href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126">https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</a>
for discussion.</p>
<p>Solr's Prometheus Exporter uses Log4J as well but it does not log user
input or data, so we don't see a risk there.</p>
-<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and <strong>CVE-2021-45105</strong>. A listing
of these and other CVEs with some justifications are listed in Solr's wiki:
https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</p>
+<p>Solr is <em>not</em> vulnerable to the followup
<strong>CVE-2021-45046</strong> and <strong>CVE-2021-45105</strong>. A listing
of these and other CVEs with some justifications are listed in Solr's wiki: <a
href="https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools">https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools</a></p>
<p><strong>Mitigation:</strong>
Any of the following are enough to prevent this vulnerability for Solr
servers:</p>
<ul>
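Review bot: The href depends on the Confluence fragment #SolrSecurity-SolrandVulnerabilityScanningTools, which is derived from the wiki heading text, so renaming that heading would leave the link pointing at the top of the page instead of the CVE listing. Because this paragraph is where readers are told Solr is not vulnerable to CVE-2021-45046 and CVE-2021-45105, consider giving the short justification inline on security.html so the claim does not rest on the anchor staying valid.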