Aviral Sinha created SOLR-18097:
-----------------------------------
Summary: Log4j Upgrade: 2.17.2 → 2.25.3 (CVE-2025-68161
Remediation) Confirmation
Key: SOLR-18097
URL: https://issues.apache.org/jira/browse/SOLR-18097
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: SolrCloud
Affects Versions: 8.4
Reporter: Aviral Sinha
_*Given that we do not utilize socket appenders or any network-based logging
mechanisms, we believe that vulnerabilities specifically targeting the
transmission of logs over the network (such as those requiring a Socket
Appender to be active) are not applicable to our current architecure.*_
Could you please confirm if our assessment is correct? Specifically, we want to
ensure that in the absence of a declared Socket Appender, the risk of
exploitation is mitigated.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
