You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Docker 7.7.3 container from official registry, pulled this evening and referenced in the Dockerfile in release 9.0.3 contains log4j versions 2.11.0 and no mitigations in bin/solr.in.sh.
Anyone building and running a new container from release 9.0.3 will have a log4shell vulnerable container.
Steps to reproduce the behavior:
Build and run with the Dockerfile from release 9.0.3
Expected behavior
A container that is not vulnerable for log4shell
The text was updated successfully, but these errors were encountered:
Ok, so maybe I should have framed it like a question, is it vulnerable?
But while I accept that in practice it isn't, this will force us to modify the containers, because the Dutch government response has been that any application with log4j2 < 2.15 (and probably now 2.16) will be unacceptable. Just so you know.
The Docker 7.7.3 container from official registry, pulled this evening and referenced in the Dockerfile in release 9.0.3 contains log4j versions 2.11.0 and no mitigations in bin/solr.in.sh.
Anyone building and running a new container from release 9.0.3 will have a log4shell vulnerable container.
Steps to reproduce the behavior:
Build and run with the Dockerfile from release 9.0.3
Expected behavior
A container that is not vulnerable for log4shell
The text was updated successfully, but these errors were encountered: