![Cover image for [how to fix] Apache SOLR impacted by CVE-2021-4428 vulnerability](https://media2.dev.to/dynamic/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F304pdfxr2yzf405hjzbp.jpg)
Apache SOLR is impacted by CVE-2021-4428
Now what?
UPDATE: Solr 8.11.1 is already available!
Here is how you can fix it:
STOP SOLR
[Windows] solr.cmd stop -p 8983
[Linux] service solr stop
Edit
solr.cmd(for Windows)
solr (for Linux)
files from \bin directory
[Windows]
- in solr.cmd file, find this line:
set START_OPTS=-Duser.timezone=%SOLR_TIMEZONE%
- right after this line, add this line:
set "START_OPTS=%START_OPTS% -Dlog4j2.formatMsgNoLookups=true"
[Linux]
- in solr file, find this line:
SOLR_START_OPTS=(
- inside the brackets () wherever you want add this
"-Dlog4j2.formatMsgNoLookups=true"
START SOLR
Let's TEST if the changes had effect
- Open SOLR UI
- In Dashboard check if you see
-Dlog4j2.formatMsgNoLookups=true
Top comments (0)