Question
Is cpanel-dovecot-solr vulnerable to CVE-2021 -45105?
Answer
According to Apache's Solr release information
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
Apache Solr releases are not vulnerable to the followup CVE-2021-45046 and CVE-2021-45105, because the MDC patterns used by Solr are for the collection, shard, replica, core and node names, and a potential trace id, which are all sanitized and injected into log files with "%X". Passing system property log4j2.formatMsgNoLookups=true (as described below) is suitable to mitigate.