PSICQUIC / psicquic-solr

Creative Commons Attribution 4.0 International

Patch Solr to mitigate log4shell vulnerability #10

Open MaybeJustJames opened 2 years ago

MaybeJustJames commented 2 years ago

Hi, As you may've heard there's a remote code execution (RCE) vulnerability (called log4shell) affecting Java software using versions of log4j < 2.15.0. Apache Solr has released version 8.11.1 that depends on the fixed log4j library.

Can you release with the updated Solr please?

git4anjali commented 2 years ago

Hi James, Currently the latest version of psicquic-solr has log4j 1.x without JMSAppender configurations, so it is not affected by the vulnerabilities. We cannot upgrade to 8.11.1 Apache Solr as we are running Solr instance 3.6.2 for psicquic and therefore will have compatibility issues. We do not have resources to upgrade the psicquic Solr instance currently.

Thanks&Regards, Intact Team, Anjali Shrivastava Senior Software Engineer - IntAct European Bioinformatics Institute (EMBL-EBI) South-Building, V3-40, Wellcome Trust Genome Campus, Hinxton, Cambridge, UK

Tel: +44 1223 49 4596 E-mail: @.***

On 14 Dec 2021, at 11:07, James Collier @.***> wrote:

Hi, As you may've heard there's a remote code execution (RCE) vulnerability (called log4shell https://en.wikipedia.org/wiki/Log4Shell) affecting Java software using versions of log4j < 2.15.0. Apache Solr has released version 8.11.1 that depends on the fixed log4j library.

Can you release with the updated Solr please?

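The two conditions discussed in this thread (which log4j version a deployment ships, and whether any log4j configuration uses JMSAppender) can be checked on a deployed tree. The following is an added example, not code from the psicquic-solr project or from either commenter; the function names, the file-name convention it relies on, and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches log4j-1.2.16.jar and log4j-core-2.14.1.jar, but not log4j-api-* or
# the log4j-1.2-api-* bridge. Renamed or shaded jars are not detected.
JAR_RE = re.compile(
    r"^log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?(?:[-.][A-Za-z]\w*)?\.jar$")
CONFIG_NAMES = {"log4j.properties", "log4j.xml"}


def classify(version):
    """Map (major, minor, patch) to the version ranges named in the thread."""
    if version[0] == 1:
        return "1.x"
    return "2.x < 2.15.0" if version < (2, 15, 0) else "2.x >= 2.15.0"


def audit(root):
    """Report log4j jars under root and config files that use JMSAppender."""
    report = {"jars": [], "jms_configs": []}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        match = JAR_RE.match(path.name)
        if match:
            version = tuple(int(g or 0) for g in match.groups())
            report["jars"].append((path.name, classify(version)))
        elif path.name in CONFIG_NAMES:
            lines = path.read_text(errors="replace").splitlines()
            # Skip .properties comment lines; a JMSAppender inside an XML
            # comment is still reported, which errs on the side of review.
            live = [l for l in lines if not l.lstrip().startswith(("#", "!"))]
            if any("JMSAppender" in l for l in live):
                report["jms_configs"].append(path.name)
    return report


def demo():
    """Run audit() on a constructed tree (not the project's real layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "WEB-INF", "lib")
        lib.mkdir(parents=True)
        for name in ("log4j-1.2.16.jar", "log4j-core-2.14.1.jar",
                     "log4j-core-2.17.1.jar"):
            (lib / name).touch()
        Path(tmp, "log4j.properties").write_text(
            "log4j.rootLogger=INFO, file\n"
            "#log4j.appender.jms=org.apache.log4j.net.JMSAppender\n"
            "log4j.appender.file=org.apache.log4j.FileAppender\n")
        return audit(tmp)
```

Call `audit()` on the unpacked web application directory; configuration files packed inside a `.war` or `.jar` are not opened, so unpack those first.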