Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SOLR-15843 Update Log4J to 2.15 #454

Merged
merged 5 commits into from
Dec 10, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions solr/CHANGES.txt
Original file line number Diff line number Diff line change
Expand Up @@ -476,6 +476,8 @@ Bug Fixes

* SOLR-8319: Fix NPE in pivot facets, add non-Analyzed query method in FieldType. (Houston Putman, Isabelle Giguere)

* SOLR-15843: Update Log4J to 2.15 (Mike Drob)

================== 8.11.0 ==================

Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
Expand Down
6 changes: 5 additions & 1 deletion solr/bin/solr.in.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -213,4 +213,8 @@ REM set SOLR_ADMIN_UI_DISABLED=false
REM Solr is by default allowed to read and write data from/to SOLR_HOME and a few other well defined locations
REM Sometimes it may be necessary to place a core or a backup on a different location or a different disk
REM This parameter lets you specify file system path(s) to explicitly allow. The special value of '*' will allow any path
REM SOLR_OPTS="%SOLR_OPTS% -Dsolr.allowPaths=D:\,E:\other\path"
REM set SOLR_OPTS=%SOLR_OPTS% -Dsolr.allowPaths=D:\,E:\other\path

REM Some previous versions of Solr use an outdated log4j dependency. If you are unable to use at least log4j version 2.15.0
REM then enable the following setting to address CVE-2021-44228
REM set SOLR_OPTS=%SOLR_OPTS% -Dlog4j2.formatMsgNoLookups=true
4 changes: 4 additions & 0 deletions solr/bin/solr.in.sh
Original file line number Diff line number Diff line change
Expand Up @@ -258,3 +258,7 @@
# You can test this behaviour by setting SOLR_HEAP=25m
#SOLR_HEAP_DUMP=true
#SOLR_HEAP_DUMP_DIR=/var/log/dumps

# Some previous versions of Solr use an outdated log4j dependency. If you are unable to use at least log4j version 2.15.0
# then enable the following setting to address CVE-2021-44228
# SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
1 change: 0 additions & 1 deletion solr/licenses/log4j-1.2-api-2.14.1.jar.sha1

This file was deleted.

1 change: 1 addition & 0 deletions solr/licenses/log4j-1.2-api-2.15.0.jar.sha1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
bc960fe2acbe6f3952011f88a771de18301534e7
1 change: 0 additions & 1 deletion solr/licenses/log4j-api-2.14.1.jar.sha1

This file was deleted.

1 change: 1 addition & 0 deletions solr/licenses/log4j-api-2.15.0.jar.sha1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
4a5aa7e55a29391c6f66e0b259d5189aa11e45d0
1 change: 0 additions & 1 deletion solr/licenses/log4j-core-2.14.1.jar.sha1

This file was deleted.

1 change: 1 addition & 0 deletions solr/licenses/log4j-core-2.15.0.jar.sha1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
ba55c13d7ac2fd44df9cc8074455719a33f375b9
1 change: 0 additions & 1 deletion solr/licenses/log4j-layout-template-json-2.14.1.jar.sha1

This file was deleted.

1 change: 1 addition & 0 deletions solr/licenses/log4j-layout-template-json-2.15.0.jar.sha1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
295580f2a67d6af4e276dd415dc3d78cf0167208
1 change: 0 additions & 1 deletion solr/licenses/log4j-slf4j-impl-2.14.1.jar.sha1

This file was deleted.

1 change: 1 addition & 0 deletions solr/licenses/log4j-slf4j-impl-2.15.0.jar.sha1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
8bb417869ab3baa19f2fc70e6d776d041f0a8ebc
1 change: 0 additions & 1 deletion solr/licenses/log4j-web-2.14.1.jar.sha1

This file was deleted.

1 change: 1 addition & 0 deletions solr/licenses/log4j-web-2.15.0.jar.sha1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
0e2b1512cb85e38326844bdb707b6673e0e70eeb
8 changes: 4 additions & 4 deletions versions.lock
Original file line number Diff line number Diff line change
Expand Up @@ -127,9 +127,9 @@ org.apache.kerby:kerby-asn1:1.0.1 (1 constraints: fd0be9f4)
org.apache.kerby:kerby-config:1.0.1 (4 constraints: 4d3182b9)
org.apache.kerby:kerby-pkix:1.0.1 (1 constraints: 710bfce4)
org.apache.kerby:kerby-util:1.0.1 (2 constraints: 6518bdb6)
org.apache.logging.log4j:log4j-api:2.14.1 (4 constraints: d033fab0)
org.apache.logging.log4j:log4j-core:2.14.1 (2 constraints: 0d16b624)
org.apache.logging.log4j:log4j-slf4j-impl:2.14.1 (1 constraints: 3a053c3b)
org.apache.logging.log4j:log4j-api:2.15.0 (4 constraints: d03302b1)
org.apache.logging.log4j:log4j-core:2.15.0 (2 constraints: 0d16ba24)
org.apache.logging.log4j:log4j-slf4j-impl:2.15.0 (1 constraints: 3a053e3b)
org.apache.lucene:lucene-analysis-common:9.0.0 (10 constraints: ac9e842f)
org.apache.lucene:lucene-analysis-icu:9.0.0 (1 constraints: 0b051836)
org.apache.lucene:lucene-analysis-kuromoji:9.0.0 (1 constraints: 0b051836)
Expand Down Expand Up @@ -317,7 +317,7 @@ org.apache.kerby:kerb-common:1.0.1 (2 constraints: a51841ca)
org.apache.kerby:kerb-identity:1.0.1 (1 constraints: 5f0cb602)
org.apache.kerby:kerb-server:1.0.1 (1 constraints: d10b65f2)
org.apache.kerby:kerb-simplekdc:1.0.1 (1 constraints: dc0d7e3e)
org.apache.logging.log4j:log4j-1.2-api:2.14.1 (1 constraints: 3a053c3b)
org.apache.logging.log4j:log4j-1.2-api:2.15.0 (1 constraints: 3a053e3b)
org.asciidoctor:asciidoctorj:1.6.2 (1 constraints: 0b050436)
org.asciidoctor:asciidoctorj-api:1.6.2 (1 constraints: e30cfb0d)
org.freemarker:freemarker:2.3.31 (1 constraints: ef0e9271)
Expand Down
2 changes: 1 addition & 1 deletion versions.props
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ org.apache.httpcomponents:httpcore=4.4.13
org.apache.httpcomponents:httpmime=4.5.10
org.apache.james:apache-mime4j*=0.8.3
org.apache.kerby:*=1.0.1
org.apache.logging.log4j:*=2.14.1
org.apache.logging.log4j:*=2.15.0
org.apache.lucene:*=9.0.0
org.apache.opennlp:opennlp-tools=1.9.1
org.apache.pdfbox:*=2.0.24
Expand Down