Boga Sebastian Nicolae

[how to fix] Apache SOLR impacted by CVE-2021-4428 vulnerability

Apache SOLR is impacted by CVE-2021-4428
Now what?

UPDATE: Solr 8.11.1 is already available!

Here is how you can fix it:

STOP SOLR

[Windows] solr.cmd stop -p 8983
[Linux] service solr stop

Edit the solr.cmd (for Windows) or solr (for Linux) file in the \bin directory.

[Windows]

  • in solr.cmd file, find this line:

set START_OPTS=-Duser.timezone=%SOLR_TIMEZONE%

  • right after this line, add this line:

set "START_OPTS=%START_OPTS% -Dlog4j2.formatMsgNoLookups=true"

[Linux]

  • in solr file, find this line:

SOLR_START_OPTS=(

  • anywhere inside the parentheses (), add this line:

"-Dlog4j2.formatMsgNoLookups=true"

START SOLR


Let's TEST whether the changes took effect

  1. Open SOLR UI
  2. In the Dashboard, check that -Dlog4j2.formatMsgNoLookups=true is listed
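
The same check can be scripted for several nodes instead of opening each Dashboard. The following is an added example, not part of the original post: it assumes Solr's system-info endpoint at /solr/admin/info/system returns the JVM arguments under jvm.jmx.commandLineArgs, and the sample response is constructed. It also catches two mistakes the eye can miss in the UI: a misspelled property name and a later -D that overrides the setting.

```python
import json
import urllib.request

FLAG = "log4j2.formatMsgNoLookups"  # property name is case-sensitive


def flag_effective(jvm_args):
    """Return True only if the last -Dlog4j2.formatMsgNoLookups=... is 'true'."""
    value = None
    for arg in jvm_args:
        if not arg.startswith("-D"):
            continue
        name, _, val = arg[2:].partition("=")
        if name == FLAG:
            value = val  # a later -D for the same property overrides an earlier one
    # Assumption: only the string "true" (any letter case) enables the setting;
    # a bare -Dlog4j2.formatMsgNoLookups with no value does not.
    return value is not None and value.lower() == "true"


def jvm_args_from_system_info(payload):
    """Extract the JVM argument list from a system-info JSON document."""
    doc = json.loads(payload)
    return doc.get("jvm", {}).get("jmx", {}).get("commandLineArgs", [])


def check_solr(base_url, timeout=5):
    """Query a running node, e.g. http://localhost:8983/solr (assumed layout)."""
    url = base_url.rstrip("/") + "/admin/info/system?wt=json"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return flag_effective(jvm_args_from_system_info(resp.read()))


# Constructed sample of the relevant part of a system-info response.
SAMPLE = json.dumps({"jvm": {"jmx": {"commandLineArgs": [
    "-Xms512m",
    "-Duser.timezone=UTC",
    "-Dlog4j2.formatMsgNoLookups=true",
]}}})

if __name__ == "__main__":
    print("sample response:", flag_effective(jvm_args_from_system_info(SAMPLE)))
    # For a live node: print(check_solr("http://localhost:8983/solr"))
```

A result of False means the running JVM was started without the setting, so check that Solr was actually restarted after the edit.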
