Log4Shell Log4J exploit in Cpanel?


New Member
does anyone know if we have to do anything to ensure apache is updated re. the recent Log4Shell exploit?
Update: this only seems to affect those users whom have Solr installed via Cpanel.

Also, since it was patched by Apache last week and included in Cpanel updates, another vulnerability was detected and patched (as of yesterday: Tues 14th Dec).

Example output on a patched server:

# rpm -qv --changelog cpanel-dovecot-solr|grep "CVE-2021-45046"
- Remove JndiLookup.class from log4j to mitigate CVE-2021-45046