Description
This vulnerability affects the cpanel-dovecot-solr
RPM that is provided by The install_dovecot_fts Script.
No other cPanel-provided packages are affected by this vulnerability and if cpanel-dovecot-solr
is not installed there are no further steps needed.
cPanels internal development team is to investigate this further.
Workaround
The only service provided by the cPanel software bundle that uses the logging utility Log4j is cpanel-dovecot-solr
. If you do not have this installed, then your server is secure. Any new installations of Dovecot_FTS will include the patched RPM by default. You can check if this RPM is installed with the following command.
https://support.cpanel.net/hc/en-us/articles/4415775520919-ApacheSolr-vulnerability-CVE-2021-44228-for-Log4j