
🛡️ Opensolr & The Log4j Vulnerability (CVE-2021-44228)

What is the log4j exploit?

The log4j vulnerability (CVE-2021-44228) is a critical security issue discovered in December 2021.
It allows attackers to execute code remotely on vulnerable systems by exploiting the way log4j handles certain logged input, so that an untrusted log entry can potentially end up running as code on the system.

Summary:
If a vulnerable application logs user-controlled input using log4j, an attacker can craft input that gets executed as code on the server.


🚨 Is Opensolr affected by the log4j exploit?

No. The Opensolr service is not vulnerable.
This vulnerability was fully patched across the entire Opensolr ecosystem on December 11, 2021.

Your Solr data and indexes hosted by Opensolr have been—and remain—protected.


📋 Did this vulnerability impact my servers or data?

No.
  • Opensolr patched all managed environments immediately after the vulnerability was disclosed.
  • However, we strongly recommend that you review and patch any of your own Java applications or infrastructure that use log4j.


🧩 Am I safe if I’m running Solr version 1–8?

Yes.
  • The Opensolr patch protects all Solr versions, regardless of which you are running.
  • This was not a Solr-specific issue—it was a vulnerability in the log4j library, used by many Java applications.
  • If log4j is patched, your Solr install is safe.

Need a different Solr version?
  • You can add a new index with a recent Solr version container/server from your Opensolr Control Panel.
  • (Custom migrations or upgrades can be performed by our team for a fee.)


⚠️ What if I run Solr or other Java apps myself?

  • If you manage your own Java services (inside or outside Opensolr), you should patch or update log4j immediately.
  • There are many detailed guides and official resources available online:

🛡️ Best Practices & Next Steps

  • Always apply vendor security patches promptly.
  • Monitor official Solr and Apache log4j channels for updates.
  • Contact Opensolr support for assistance or questions about your managed indexes.

Security is a shared responsibility. Opensolr is committed to protecting your data and providing fast, transparent responses to new threats.





