
Has anyone else heard about this log4j 2 vulnerability ...


Warren Hinchliffe


I've put on 8207.28.06 and there's a very brief blurb that I wish I would have gotten a screenshot of.

It's probably talking about this file:

D:\ibi\WebFOCUS82\utilities\search\solr_log4j_updates.zip

Inside that file, you'll find the log4j 2.17 version we should be using.

I presume we can follow the instructions from one of the hotfixes and probably work out what goes where, but I'd rather find the right docs for how to get Solr up to speed on log4j 2.17.

Searching the support site for solr_log4j_updates returns no answers for now. It's also not in the install manual or release notes or the readme.txt that is available to download. No clues I could find in the install logs under the installing user ID.

I'm still searching around to see if the product division actually put some instructions out here that I'm just missing.

If you guys see the blurb about bringing Solr up to speed, let me know. Otherwise I'll just try using the old hotfix instructions with the contents of the zip file if it looks like everything is in there.

Thanks


I raised the same question about SOLR in a new case.

I was told to look at the WFC Hotfix2 for 8207.28.05 for the instructions.

I asked if the log4j remediation was in this release since nothing mentioned

Also, the 8207.28.06 release notes have no notes on the Log4j issue.

The only good thing in the release notes is that there is now a list of fixes for 8207.28.05 and 28.06 in separate sections.


Morning David,

I started to make a comparison between both HF2 for 8207.28.05 and the zip from .06 and found a readme.

 


 

Reads much the same as it did in HF2 but with the version changed to 2.17.

 


 

It'd be nice if they didn't bury the readme.txt actually inside the zip.

I have to wonder why Solr wasn't updated with the rest of our product, and why we have to use the bat files to add/remove the service etc. Seems like something the installer could do.


While I'm re-upgrading a client, I thought I'd grab a screenshot of the message that has to do with the Solr steps:

 


 

Upgrade Advisory

Follow instructions from TIBCO support to update log4j*jar files in your pre-existing Solr.

Maybe they can improve on this next time.
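
A way to confirm that the manual jar swap described in this thread actually took effect, as an added example that is not from any poster or from TIBCO: it walks a directory for `log4j*.jar` files and flags any below 2.17. It assumes the Solr install directory is passed as the first argument and that Apache-built log4j jars carry their version in Maven metadata under `META-INF/maven/org.apache.logging.log4j/`.

```python
import re
import sys
import zipfile
from pathlib import Path

MIN_VERSION = (2, 17)  # the log4j version the thread says Solr should end up on
POM_DIR = "META-INF/maven/org.apache.logging.log4j/"  # assumed Maven metadata location


def parse_version(text):
    """Return the last dotted number in text as a tuple, e.g. (2, 17, 0), or None."""
    found = re.findall(r"\d+(?:\.\d+)+", text or "")
    return tuple(int(p) for p in found[-1].split(".")) if found else None


def jar_version(jar_path):
    """Prefer the version recorded inside the jar; fall back to the file name."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            for name in jar.namelist():
                if name.startswith(POM_DIR) and name.endswith("/pom.properties"):
                    props = jar.read(name).decode("utf-8", "replace")
                    m = re.search(r"^version=(.+)$", props, re.M)
                    if m:
                        return parse_version(m.group(1))
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable jar: the file name is the only evidence left
    return parse_version(Path(jar_path).name)


def scan(root):
    """Return (path, version, ok) for every log4j*.jar under root.

    Jars with no detectable version, and log4j 1.x jars, are reported as not ok
    so that they get looked at by hand.
    """
    results = []
    for jar_path in sorted(Path(root).rglob("log4j*.jar")):
        version = jar_version(jar_path)
        ok = version is not None and version[:2] >= MIN_VERSION
        results.append((str(jar_path), version, ok))
    return results


if __name__ == "__main__":
    findings = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, ok in findings:
        label = ".".join(map(str, version)) if version else "unknown"
        print(f"{'OK      ' if ok else 'OUTDATED'} {label:10} {path}")
    sys.exit(0 if all(ok for _, _, ok in findings) else 1)
```

The non-zero exit status when anything is outdated makes it usable as a post-upgrade check in a batch file.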
