On 2021-12-13, documentation was added on updating log4j to fix the newly found vulnerabilities.
Since I don’t like to do things manually, I created a PowerShell script for this process after returning from my vacation.
Basically the script does everything which is listed in the documentation.
- The script downloads the log4j version into the temp folder. Afterwards it’s extracted and the unnecessary javadoc and sources files are removed.
- The search service is stopped.
- The existing files in the two folders are removed, after asking for your confirmation.
- The new files are copied into the folders.
- The search service is restarted.
- The verification URLs are opened to check whether SOLR could be restarted. This could take a few seconds until the page is displayed and you may need to refresh the URL.
The script checks whether it’s executed with administrative privileges. These are necessary to start/stop the search service.

Things which can be changed:
- The URL of the latest version
$fileUrl = "https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip"
- If you don’t want to confirm the deletion you can remove the -Confirm flag. I used this to verify the correct file path.
# With confirmation
Get-ChildItem $solrContribFolder -Filter $log4jApiFilePattern | Remove-Item -Confirm
# Without
Get-ChildItem $solrContribFolder -Filter $log4jApiFilePattern | Remove-Item
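
The download step above places an archive from the internet into the search service's folders, so it is worth checking the archive against the published SHA-512 before the service is stopped or any file is deleted. The following is an added example, not part of the original script; `$checksumUrl`, `$zipPath`, `Get-ExpectedSha512` and `Test-Log4jDownload` are assumed names, and the checksum URL is an assumption about where the `.sha512` file for this release is published.

```powershell
$fileUrl = "https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip"
# Assumption: the checksum has the archive's name plus ".sha512" and is fetched
# from Apache's main download host instead of the CDN that serves the archive.
$checksumUrl = "https://downloads.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip.sha512"
$zipPath = Join-Path $env:TEMP (Split-Path $fileUrl -Leaf)

function Get-ExpectedSha512 {
    param([string]$ChecksumText, [string]$FileName)
    # Apache checksum files use two layouts:
    #   "<hash>  <file>"   or   "<file>: ABCD EF01 ..." (hash split by spaces/newlines).
    # Remove the file name first (it contains hex-looking characters), then separators.
    $text = $ChecksumText.Replace($FileName, '') -replace '[\s:*]', ''
    if ($text -notmatch '^[0-9a-fA-F]{128}$') {
        # Also catches an HTML error page saved in place of the checksum.
        throw "Checksum file does not contain exactly one SHA-512 value."
    }
    return $text.ToUpperInvariant()
}

function Test-Log4jDownload {
    param([string]$ZipPath, [string]$ChecksumUrl)
    # Save to disk and read back as text: in Windows PowerShell 5.1 the .Content
    # property can be a byte array for non-text content types.
    $sumPath = "$ZipPath.sha512"
    Invoke-WebRequest -Uri $ChecksumUrl -OutFile $sumPath -UseBasicParsing
    $expected = Get-ExpectedSha512 -ChecksumText (Get-Content $sumPath -Raw) `
                                   -FileName (Split-Path $ZipPath -Leaf)
    $actual = (Get-FileHash -Path $ZipPath -Algorithm SHA512).Hash
    return $actual -eq $expected
}

Invoke-WebRequest -Uri $fileUrl -OutFile $zipPath -UseBasicParsing
if (-not (Test-Log4jDownload -ZipPath $zipPath -ChecksumUrl $checksumUrl)) {
    Remove-Item $zipPath
    throw "SHA-512 mismatch for $zipPath; aborting before the search service is stopped."
}
```

If you change `$fileUrl` to a newer version, change `$checksumUrl` to match, otherwise the comparison fails by design.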