Hi Team For Solr side mitigation for log4j, we have manually updated the log4j-c ore and log4j-api files to latest versions (2.17.1) and have done (Linux/MacOS) Edit your solr.in.sh file to include: SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" this mitigation step as well as mentioned in the solr security update https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 The CompanySecurity Team have shared a vulnerability in solr's end. Can you please confirm that these mitigation steps are good to solve the issue from solr's end.
The Solr application is installed as a service in our system, can you please share the steps needed to update solr to the latest version, without losing the data indexed in solr. Thanks and Regards, Raghav Khandelwal This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law, this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored.
