[
https://issues.apache.org/jira/browse/SOLR-18288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated SOLR-18288:
----------------------------------
Labels: pull-request-available (was: )
> Document non-exploitability of Log4j CVE-2026-34477 through -34481 in Solr
> 9.10.1
> ---------------------------------------------------------------------------------
>
> Key: SOLR-18288
> URL: https://issues.apache.org/jira/browse/SOLR-18288
> Project: Solr
> Issue Type: Bug
> Reporter: Piotr Karwasz
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Document the non-exploitability of the April 2026 Log4j security advisories
> in the Solr 9.10.1 distribution:
> * CVE-2026-34477
> * CVE-2026-34478
> * CVE-2026-34479
> * CVE-2026-34480
> * CVE-2026-34481
> None of these vulnerabilities affect Solr 9.10.1 under the *default logging
> configuration*.
> CVE-2026-34481 is additionally not exploitable under *any* configuration,
> because Solr issues no logging calls that could trigger it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
