Fixing Apache Log4j Vulnerability for Sitecore with Solr - CVE-2021-44228
If you use any Log4j version from 2.0-beta9 to 2.14.1, then you need to patch it. The severity of this vulnerability is classified as Critical.
You don’t need to patch it if you are using any Solr version after 8.11.1.
This vulnerability allows malicious actors to execute payloads on the vulnerable machines. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
The solution is fairly simple. Just edit the solr.in.cmd file to include the following parameter:
You can also run the following script to fix that:
This adds the mentioned line to solr.in.cmd and restarts the Solr service.
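One way to script the change described above, as an added example that is not the original post's script. It assumes the parameter is the log4j2.formatMsgNoLookups system property that the Apache Solr advisory for this CVE gives for solr.in.cmd; the file path and service name are placeholders.

```powershell
# Added example: idempotently add the Log4j lookup mitigation to solr.in.cmd,
# restart Solr, and confirm the running JVM picked it up. Run elevated.
# $SolrInCmd and $ServiceName defaults are placeholders (assumptions).
param(
    [string]$SolrInCmd   = 'C:\solr\bin\solr.in.cmd',   # hypothetical path
    [string]$ServiceName = 'solr'                        # hypothetical service name
)

$ErrorActionPreference = 'Stop'
$flag = '-Dlog4j2.formatMsgNoLookups=true'
$line = "set SOLR_OPTS=%SOLR_OPTS% $flag"

if (-not (Test-Path -LiteralPath $SolrInCmd)) {
    throw "solr.in.cmd not found at $SolrInCmd"
}

# Only active lines count; a commented-out (REM / ::) copy does not apply the flag.
$active = Get-Content -LiteralPath $SolrInCmd |
    Where-Object { $_ -notmatch '^\s*(REM\b|::)' -and $_ -match [regex]::Escape($flag) }

if ($active) {
    Write-Host "Mitigation already present in $SolrInCmd"
} else {
    # Keep a timestamped backup so the change can be rolled back.
    $backup = "$SolrInCmd.$(Get-Date -Format yyyyMMddHHmmss).bak"
    Copy-Item -LiteralPath $SolrInCmd -Destination $backup
    # Leading CRLF guards against a file that does not end with a newline.
    Add-Content -LiteralPath $SolrInCmd -Value "`r`n$line"
    Write-Host "Added mitigation; backup saved to $backup"
}

# The JVM reads SOLR_OPTS only at startup, so the service must be restarted.
Restart-Service -Name $ServiceName
Start-Sleep -Seconds 10

# Verify: the running Solr JVM's command line should carry the flag.
$solrJvm = Get-CimInstance Win32_Process -Filter "Name = 'java.exe'" |
    Where-Object { $_.CommandLine -match 'solr' }
if (-not $solrJvm) { throw 'No running Solr java.exe process found' }
foreach ($p in $solrJvm) {
    $state = if ($p.CommandLine -match [regex]::Escape($flag)) { 'present' } else { 'MISSING' }
    Write-Host ("PID {0}: mitigation flag {1}" -f $p.ProcessId, $state)
}
```

The property is only honored by Log4j 2.10 and later, so check the Log4j version bundled with your Solr before relying on it.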