Heads up:
Seems like there's a pretty severe remote code execution vulnerability
[1] in Log4J. Basically any application that uses log4j and that allows
user input to be injected into a logging string is susceptible. This
probably includes Solr.
Further interesting discussion on Hacker News [2]
[1] https://www.lunasec.io/docs/blog/log4j-zero-day/
[2] https://news.ycombinator.com/item?id=29504755
- Bram
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
