The Log4J Vulnerability
Today the ProboCI team released a patch to all ProboCI PHP images to mitigate the Log4J Remote Execution flaw within our Docker Containers. The affected system was the current version of SOLR (v7.7.3). To mitigate against this exploit, we have downgraded SOLR to version 7.3.1 which is not affected by this issue.
Why Downgrade?
The reason for downgrading was compatibility with all versions of Drupal. Currently, SOLR 8 is not compatible with Drupal 7. So if we had made the upgrade to SOLR 8, Search API and Search API SOLR would not have worked with the Probo implementation of SOLR for Drupal 7. In an effort to maintain as much backward compatibility as possible until SOLR ersion 7 is patched, we opted to downgrade to a non-vulnerable version. There is little risk here as version 7.3.1 is what ProboCI had been running until the update to 7.7.3 during the last update cycle. In this way both Drupal 7, 8 and 9 can continue to utilize SOLR.
For more information on the updates to our disk images including any SOLR or other configration changes, please contact Probo Support with any questions or concerns related to this issue.