Apache SOLR is impacted by CVE-2021-4428
Now what?
UPDATE: Solr 8.11.1 is already available!
Here is how you can fix it:
STOP SOLR
[Windows] solr.cmd stop -p 8983
[Linux] service solr stop
Edit
solr.cmd
(for Windows)
solr
(for Linux)
files from \bin
directory
[Windows]
- in solr.cmd file, find this line:
set START_OPTS=-Duser.timezone=%SOLR_TIMEZONE%
- right after this line, add this line:
set "START_OPTS=%START_OPTS% -Dlog4j2.formatMsgNoLookups=true"
[Linux]
- in solr file, find this line:
SOLR_START_OPTS=(
- inside the brackets () wherever you want add this
"-Dlog4j2.formatMsgNoLookups=true"
START SOLR
Let's TEST if the changes had effect
- Open SOLR UI
- In Dashboard check if you see
-Dlog4j2.formatMsgNoLookups=true
Top comments (0)