The log4j vulnerability (CVE-2021-44228) is a critical security issue discovered in December 2021.
It allows attackers to execute code remotely on vulnerable systems by exploiting the way log4j processes certain logged input, so that an untrusted log entry can end up being executed as code.
Summary:
If a vulnerable application logs user-controlled input using log4j, an attacker can craft input that gets executed as code on the server.
No. The Opensolr service is not vulnerable.
This vulnerability was fully patched across the entire Opensolr ecosystem on December 11, 2021.
Your Solr data and indexes hosted by Opensolr have been—and remain—protected.
No.
- Opensolr patched all managed environments immediately after the vulnerability was disclosed.
- However, we strongly recommend that you review and patch any of your own Java applications or infrastructure that use log4j.
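
One way to carry out that review on your own Java artifacts, as an added example (not Opensolr code): it walks a JAR/WAR/EAR, including nested archives, and reports each embedded log4j-core copy with its version and whether `JndiLookup.class` is still present. It assumes Maven-built log4j-core JARs (which ship `pom.properties`), and the minimum fixed version is supplied by the caller from the current Apache Log4j advisory.

```python
import io
import re
import sys
import zipfile

# Paths inside a log4j-core 2.x JAR (assumption: Maven-built artifact layout).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear")

def version_key(version):
    """'2.14.1' -> (2, 14, 1); qualifiers such as '-beta9' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def scan_archive(data, label, min_fixed, findings=None):
    """Scan archive bytes recursively.

    Returns a list of (path, version, has_jndi_class, needs_patch) tuples.
    """
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive, or corrupt: nothing to report
    with zf:
        names = sorted(zf.namelist())
        has_jndi = JNDI_CLASS in names
        version = None
        if POM_PROPS in names:
            text = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", text, re.M)
            version = m.group(1).strip() if m else None
        if has_jndi or version:
            # A copy with no readable version is flagged for manual review.
            old = version is None or version_key(version) < version_key(min_fixed)
            findings.append((label, version, has_jndi, old))
        for name in names:
            if name.lower().endswith(NESTED):  # fat JARs and WARs embed other JARs
                scan_archive(zf.read(name), f"{label}!/{name}", min_fixed, findings)
    return findings

if __name__ == "__main__":
    # usage: python scan_log4j.py MIN_FIXED_VERSION app.jar [more.war ...]
    for path in sys.argv[2:]:
        with open(path, "rb") as fh:
            for hit in scan_archive(fh.read(), path, sys.argv[1]):
                print(*hit, sep="\t")
```
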
Yes.
- The Opensolr patch protects all Solr versions, regardless of which you are running.
- This was not a Solr-specific issue—it was a vulnerability in the log4j library, used by many Java applications.
- If log4j is patched, your Solr install is safe.
Need a different Solr version?
- You can add a new index with a recent Solr version container/server from your Opensolr Control Panel.
- (Custom migrations or upgrades can be performed by our team for a fee.)
Security is a shared responsibility. Opensolr is committed to protecting your data and providing fast, transparent responses to new threats.