Re: Can dovecot be leveraged to exploit Solr/Log4shell?

15 Dec 2021 · *not*


      On 15.12.21 08:45, Alessio Cecchi wrote:
...
SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
and should be enough to prevent this vulnerability.
Possibly not anymore, see CVE-2021-45046 ("re-opened" CVE-2021-44228 for
v2 prior to 2.16.0) and CVE-2021-4104 (variant for v1, in the meantime -
at least by Red Hat - downgraded to *not* be a *Remote* Code Execution
(RCE) vuln) ...
Regards,
Jochen Bern
Systemingenieur
Binect GmbH