Hi, Why do you believe you need to upgrade log4j in solr 6? It was not affected by the log4shell issue. See our article at https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 where we state that Solr 7.4.0 is the earliest Solr version vulnerable to log4shell.
But of course, running such an old version of Solr makes you vulnerable to other risks: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&isCpeNameSearch=false&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Asolr&cpe_version=cpe%3A%2F%3Aapache%3Asolr%3A6.6.6 Jan > 31. mar. 2023 kl. 16:37 skrev Aravind Reddy Jangam > <[email protected]>: > > Hi > > We are running solr verions 6 & log4j version 1.x > Is it possible to upgrade log4j to version 2.x with out upgrading solr 6 > > Thanks > > > Confidentiality note: This e-mail may contain confidential information from > Clarivate. If you are not the intended recipient, be aware that any > disclosure, copying, distribution or use of the contents of this e-mail is > strictly prohibited. If you have received this e-mail in error, please delete > this e-mail and notify the sender immediately.
