Log4j Vulnerability
Jump to navigation
Jump to search
December of 2021, a vulnerability in Log4j library used by SOLR was discovered. Here's how to mitigate it in Truxton:
- Open the TruxtonService.xml file in a text editor
- Edit the
services
element for SOLR - Add the
-Dlog4j2.formatMsgNoLookups=true
flag to the startup parameters
The following:
<services>{Solr 5 Server||$TextIndexerData$Search/bin/solr.cmd|start -p 8983 -m 5416m -a "-XX:-UsePerfData"|$TextIndexerData$Search/bin/solr.cmd|stop -p 8983|java.exe|jetty.port=8983},</services>
Should now be:
<services>{Solr 5 Server||$TextIndexerData$Search/bin/solr.cmd|start -p 8983 -m 5416m -a -Dlog4j2.formatMsgNoLookups=true "-XX:-UsePerfData"|$TextIndexerData$Search/bin/solr.cmd|stop -p 8983|java.exe|jetty.port=8983},</services>