Ektron Log4j vulnerability

  • Updated

Ektron's Solr implementation is subject to the vulnerability documented by CVE-2021-44228

Ektron Solr versions affected: 9.3SP2 - 9.4SP1

There are no required actions for versions prior to 9.3SP2 as these use an earlier version of Log4j not within the scope of CVE-2021-44228. JMSAppender is also vulnerable but is not used in Ektron's implementation by default. 

Log4j release notes: https://logging.apache.org/log4j/2.x/security.html




Note: Option #1 is recommended to address other log4j vulnerabilities. 

Option #1 : Update to Ektron's 9.5 Solr version

For versions 9.3SP2 - 9.4SP1

  1. Uninstall the existing Solr version
  2. Download and install Solr executable for 9.5 from the downloads page.



Option #2: Update log4j jar files

For versions 9.3SP2 - 9.4SP1

  1. Backup the Solr directories. 
  2. Download the latest binary version of log4j (Apache Log4j 2 binary (zip)): https://logging.apache.org/log4j/2.x/download.html
  3. Delete all log4j jar files within the "\Solr\server\lib\ext" and "\Solr\contrib\prometheus-exporter\lib" directories and replace with the new files in following folders.

    Replace X with the sub version of log4j2. E.g. log4j-1.2-api-2.X.jar
    New files:
    New files:


If you would like to verify the log4j version do the below. Log4j versions prior to 2.0 are not vulnerable to CVE-2021-44228.

  1. In file explorer navigate to the SearchX.0 folder.
  2. Search for log4j .jar
  3. Copy those jars to a separate folder.
  4. Extract the .jar files.
  5. For each of the "META-INF" folder & open the file "MANIFEST.MF" in a text editor.
  6. Look for "Implementation-Version" and identify the log4j version.
  7. In some cases(9.2+) there can be a separate Solr directory, sometimes outside of the SearchX.0 folder. Repeat the above steps for such directories.