[jira] [Created] (SOLR-18288) Document non-exploitability of Log4j CVE-2026-34477 through -34481 in Solr 9.10.1

Piotr Karwasz (Jira) Wed, 17 Jun 2026 12:41:10 -0700

Piotr Karwasz created SOLR-18288:
------------------------------------

             Summary: Document non-exploitability of Log4j CVE-2026-34477 
through -34481 in Solr 9.10.1
                 Key: SOLR-18288
                 URL: https://issues.apache.org/jira/browse/SOLR-18288
             Project: Solr
          Issue Type: Bug
            Reporter: Piotr Karwasz



Document the non-exploitability of the April 2026 Log4j security advisories in 
the Solr 9.10.1 distribution:

* CVE-2026-34477
* CVE-2026-34478
* CVE-2026-34479
* CVE-2026-34480
* CVE-2026-34481

None of these vulnerabilities affect Solr 9.10.1 under the *default logging 
configuration*.

CVE-2026-34481 is additionally not exploitable under *any* configuration, 
because Solr issues no logging calls that could trigger it.




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (SOLR-18288) Document non-exploitability of Log4j CVE-2026-34477 through -34481 in Solr 9.10.1

Reply via email to