I'm not aware that it is possible, but you could easily swap it out with any log lib supported by slf4j v1.7.7. But the only advice you'll get from us here is to upgrade Solr. It may not be as difficult as you fear. You need ot migrate some field types in schema and re-index, but both update and select APIs should be compatible..
Jan > 31. mar. 2023 kl. 19:46 skrev Aravind Reddy Jangam > <[email protected]>: > > Thanks, even though log4j in solr is not affected by log4shell issue, I > wanted to check if its possible to upgrade log4j with out upgrading solr > As log4j version is end of life and apache recommends to upgrade to log4j > version 2 > > https://news.apache.org/foundation/entry/apache_logging_services_project_announces > > Thanks > > From: Jan Høydahl <[email protected]> > Sent: Friday, March 31, 2023 11:56 AM > To: [email protected] > Subject: Re: Upgrading log4j > > Hi, > > Why do you believe you need to upgrade log4j in solr 6? It was not affected > by the log4shell issue. > See our article at > https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 > > <https://urldefense.com/v3/__https:/solr.apache.org/security.html*apache-solr-affected-by-apache-log4j-cve-2021-44228__;Iw!!NknhfzgzgQ!2KWSIHcbebOq1B16_TJmVISjx9IB9d9hAMe2Xa1M2vA4dSGDwuSJMyxiGHzxWSBsChsqhRlO19OqFkn5ywtHmbmvGtFWQu4$> > where we state that Solr 7.4.0 is the earliest Solr version vulnerable to > log4shell. > > But of course, running such an old version of Solr makes you vulnerable to > other risks: > NVD - Results > <https://urldefense.com/v3/__https:/nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&isCpeNameSearch=false&cpe_vendor=cpe*3A*2F*3Aapache&cpe_product=cpe*3A*2F*3Aapache*3Asolr&cpe_version=cpe*3A*2F*3Aapache*3Asolr*3A6.6.6__;JSUlJSUlJSUlJSUl!!NknhfzgzgQ!2KWSIHcbebOq1B16_TJmVISjx9IB9d9hAMe2Xa1M2vA4dSGDwuSJMyxiGHzxWSBsChsqhRlO19OqFkn5ywtHmbmv2MA-phI$> > nvd.nist.gov > <https://urldefense.com/v3/__https:/nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&isCpeNameSearch=false&cpe_vendor=cpe*3A*2F*3Aapache&cpe_product=cpe*3A*2F*3Aapache*3Asolr&cpe_version=cpe*3A*2F*3Aapache*3Asolr*3A6.6.6__;JSUlJSUlJSUlJSUl!!NknhfzgzgQ!2KWSIHcbebOq1B16_TJmVISjx9IB9d9hAMe2Xa1M2vA4dSGDwuSJMyxiGHzxWSBsChsqhRlO19OqFkn5ywtHmbmv2MA-phI$> > > > <https://urldefense.com/v3/__https:/nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&isCpeNameSearch=false&cpe_vendor=cpe*3A*2F*3Aapache&cpe_product=cpe*3A*2F*3Aapache*3Asolr&cpe_version=cpe*3A*2F*3Aapache*3Asolr*3A6.6.6__;JSUlJSUlJSUlJSUl!!NknhfzgzgQ!2KWSIHcbebOq1B16_TJmVISjx9IB9d9hAMe2Xa1M2vA4dSGDwuSJMyxiGHzxWSBsChsqhRlO19OqFkn5ywtHmbmv2MA-phI$> > > > Jan > > > 31. mar. 2023 kl. 16:37 skrev Aravind Reddy Jangam > <[email protected] > <mailto:[email protected]>>: > > Hi > > We are running solr verions 6 & log4j version 1.x > Is it possible to upgrade log4j to version 2.x with out upgrading solr 6 > > Thanks > > > Confidentiality note: This e-mail may contain confidential information from > Clarivate. If you are not the intended recipient, be aware that any > disclosure, copying, distribution or use of the contents of this e-mail is > strictly prohibited. If you have received this e-mail in error, please delete > this e-mail and notify the sender immediately. > > Confidentiality note: This e-mail may contain confidential information from > Clarivate. If you are not the intended recipient, be aware that any > disclosure, copying, distribution or use of the contents of this e-mail is > strictly prohibited. If you have received this e-mail in error, please delete > this e-mail and notify the sender immediately. >
