Hi,
You may not be vulnerable, if none of your configs use Velocity ("/browse"
handler). However, you have several choices
* Remove the contrib/velocity folder on your Solr install
* Upgrade Solr servers to at least 8.4
Our general recommendation would be to attempt an upgrade on your test
environment to Solr 8.11.2 which is the latest 8.x release.
That will also fix the log4shell and other vulnerabilities. In general you want
to stay on latest patch version all the time.
It should be possible to simply stop the node, unpack the new version (keeping
your SOLR_HOME untouched) and start.
Jan
> 20. okt. 2022 kl. 10:56 skrev hari prasad <harryprasad1...@gmail.com>:
>
> Hi All,
>
> We have a Sitecore project and we are using windows Solr (solr-version
> 8.1.1). We been asked to fix the below vulnerability in our server.
>
> Vulnerability name: Apache Solr Remote Code Execution Vulnerability.
>
> And this is the patch fix Solr-13971 given by the team.
>
> Could anyone suggest how we can execute the patch fix on our impacted server
> or please suggest any other fix to resolve the vulnerability. Thanks in
> advance!
>
>
> Thanks & Regards,
> Hariprasad T
