In addition to the mitigation strategies mentioned on the Solr page, the below blog post indicates that you should be protected if you are using Java 11.0.1 and up
https://www.lunasec.io/docs/blog/log4j-zero-day/ On Fri, Dec 10, 2021 at 3:07 PM Mike Drob <md...@mdrob.com> wrote: > Solr is affected. Please see the statement at the > https://solr.apache.org/security.html page > > On Fri, Dec 10, 2021 at 12:44 PM Walter Underwood <wun...@wunderwood.org> > wrote: > > > Does all Solr logging go through slf4j? If so, that should protect > against > > this vulnerability. > > > > If not, who has tested Solr with log4j 2.15.1? > > > > We are running 8.8.2. > > > > wunder > > Walter Underwood > > wun...@wunderwood.org > > http://observer.wunderwood.org/ (my blog) > > > > >
