[
https://issues.apache.org/jira/browse/SOLR-18097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aviral Sinha updated SOLR-18097:
--------------------------------
Summary: Log4j Upgrade: 2.17.2 → 2.25.3 (CVE-2025-68161 Remediation)
Confirmation on remediation (was: Log4j Upgrade: 2.17.2 → 2.25.3
(CVE-2025-68161 Remediation) Confirmation)
> Log4j Upgrade: 2.17.2 → 2.25.3 (CVE-2025-68161 Remediation) Confirmation on
> remediation
> ---------------------------------------------------------------------------------------
>
> Key: SOLR-18097
> URL: https://issues.apache.org/jira/browse/SOLR-18097
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCloud
> Affects Versions: 8.4
> Reporter: Aviral Sinha
> Priority: Major
>
> _*Given that we do not utilize socket appenders or any network-based logging
> mechanisms, we believe that vulnerabilities specifically targeting the
> transmission of logs over the network (such as those requiring a Socket
> Appender to be active) are not applicable to our current architecure.*_
>
> Could you please confirm if our assessment is correct? Specifically, we want
> to ensure that in the absence of a declared Socket Appender, the risk of
> exploitation is mitigated.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
