[
https://issues.apache.org/jira/browse/SOLR-15850?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl resolved SOLR-15850.
--------------------------------
Resolution: Fixed
Read our security advisory. We have not upgraded log4j in the 7.7 docker image,
but applied the sys.prop which is sufficient for Solr's use. Thus you'll
continue to see false positives on docker scanning.
> Not all docker tags are updated for CVE-2021-44228
> --------------------------------------------------
>
> Key: SOLR-15850
> URL: https://issues.apache.org/jira/browse/SOLR-15850
> Project: Solr
> Issue Type: Task
> Components: documentation
> Affects Versions: 7.5
> Reporter: IIS
> Assignee: Jan Høydahl
> Priority: Critical
>
> As we are faced with critical
> [CVE-2021-44228|https://github.com/advisories/GHSA-jfh8-c2jp-5v3q]
> (log4shell) these days, we still await security patches to fix log4j
> vulnerabilities published on December 12th, 2021.
>
> In our case we're running Apache SOLR via Docker, where some image versions
> have been patched very quickly, but still some image versions float around in
> the official Docker Hub without having received the critical security patches.
>
> e.g. v7.5.0:
> [https://hub.docker.com/layers/solr/library/solr/7.5.0/images/sha256-e3db40fa85e7115d2d1d3eb06f7555b6132e33bd3b6e91b17c0a1690122a7acc?context=explore]
>
> When will these versions be updated in the Docker Repository to prevent users
> from being vulnerable with specific SOLR installations running?