Log4j Vulnerability

From truxwiki.com
Jump to navigation Jump to search

December of 2021, a vulnerability in Log4j library used by SOLR was discovered. Here's how to mitigate it in Truxton:

  1. Open the TruxtonService.xml file in a text editor
  2. Edit the services element for SOLR
  3. Add the -Dlog4j2.formatMsgNoLookups=true flag to the startup parameters

The following:

<services>{Solr 5 Server||$TextIndexerData$Search/bin/solr.cmd|start -p 8983 -m 5416m -a &quot;-XX:-UsePerfData&quot;|$TextIndexerData$Search/bin/solr.cmd|stop -p 8983|java.exe|jetty.port=8983},</services>

Should now be:

<services>{Solr 5 Server||$TextIndexerData$Search/bin/solr.cmd|start -p 8983 -m 5416m -a -Dlog4j2.formatMsgNoLookups=true &quot;-XX:-UsePerfData&quot;|$TextIndexerData$Search/bin/solr.cmd|stop -p 8983|java.exe|jetty.port=8983},</services>