Can dovecot be leveraged to exploit Solr/Log4shell?

Jochen Bern Jochen.Bern at
Wed Dec 15 17:21:30 UTC 2021

On 15.12.21 08:45, Alessio Cecchi wrote:
> SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
> and should be enough to prevent this vulnerability.

Possibly not anymore, see CVE-2021-45046 ("re-opened" CVE-2021-44228 for 
v2 prior to 2.16.0) and CVE-2021-4104 (variant for v1, in the meantime - 
at least by Red Hat - downgraded to *not* be a *Remote* Code Execution 
(RCE) vuln) ...

Jochen Bern

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the dovecot mailing list