Solr versions 7.4.0 to 7.7.3 and 8.0.0 to 8.11.0 is affected by the critical log4j library vulnerability and should be upgraded to 8.11.1 as soon as the new version is released.
For now you can mitigate the issue by doing one of the following:
- manually upgrading Apache Solr log4j2 library
- adding SOLR_OPTS=”$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to solr.in.sh file
- if using Prometheus Exporter adding JAVA_OPTS=”$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true” to the solr-exporter script
More information on official Solr webpage.