Solr & CVE-2021-44228

Solr versions 7.4.0 to 7.7.3 and 8.0.0 to 8.11.0 is affected by the critical log4j library vulnerability and should be upgraded to 8.11.1 as soon as the new version is released.

For now you can mitigate the issue by doing one of the following:

  • manually upgrading Apache Solr log4j2 library
  • adding SOLR_OPTS=”$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to solr.in.sh file
  • if using Prometheus Exporter adding JAVA_OPTS=”$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true” to the solr-exporter script

More information on official Solr webpage.

Leave a Reply

Your email address will not be published. Required fields are marked *