DEV Community

Cover image for [how to fix] Apache SOLR impacted by CVE-2021-4428 vulnerability
Boga Sebastian Nicolae
Boga Sebastian Nicolae

Posted on • Updated on

[how to fix] Apache SOLR impacted by CVE-2021-4428 vulnerability

Apache SOLR is impacted by CVE-2021-4428
Now what?

UPDATE: Solr 8.11.1 is already available!

Here is how you can fix it:

STOP SOLR

[Windows] solr.cmd stop -p 8983
[Linux] service solr stop

Edit

solr.cmd(for Windows)
solr (for Linux)
files from \bin directory

[Windows]

  • in solr.cmd file, find this line:

set START_OPTS=-Duser.timezone=%SOLR_TIMEZONE%

  • right after this line, add this line:

set "START_OPTS=%START_OPTS% -Dlog4j2.formatMsgNoLookups=true"

[Linux]

  • in solr file, find this line:

SOLR_START_OPTS=(

  • inside the brackets () wherever you want add this

"-Dlog4j2.formatMsgNoLookups=true"

START SOLR


Let's TEST if the changes had effect

  1. Open SOLR UI
  2. In Dashboard check if you see -Dlog4j2.formatMsgNoLookups=true

Image description

Image description

Top comments (0)