Upgrading Solr 6 to use Log4j 2.x

Question

Is it possible to upgrade Solr 6 to use Log4j 2.x?

We have some external dependencies on Solr 6 but would like to upgrade Log4j to the latest.

This may benefit from similar question at https://stackoverflow.com/questions/70440185/log4j-backward-compatibility (can jar be replaced without consequences?) — PaoloC, Jan 19 '22 at 11:45

score 1 · Accepted Answer · answered Jan 18 '22 at 20:37

Apache Solr releases prior to 7.4 (i.e. Solr 5, Solr 6, and Solr 7 
through 7.3) use Log4J 1.2.17 which may be vulnerable for installations 
using non-default logging configurations that include the JMS Appender, 
see 

https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 

for discussion.

score 1 · Answer 2 · answered Aug 04 '22 at 18:10

A good alternative would be to replace log4j 1.2.17 with reload4j, which is a direct plugin replacement for the log4j jar file. It was developed by one of the companies that developed the original log4j project in response to its recently reported vulnerabilities. You can find more information at the Github project

I am aware of at least one OpenSource project (Alfresco) that is using it successfully.

Upgrading Solr 6 to use Log4j 2.x

2 Answers2