Is cpanel-dovecot-solr vulnerable to CVE-2021 -45105?
According to Apache's Solr release information
Apache Solr releases are not vulnerable to the followup CVE-2021-45046 and CVE-2021-45105, because the MDC patterns used by Solr are for the collection, shard, replica, core and node names, and a potential trace id, which are all sanitized and injected into log files with "
%X". Passing system property
log4j2.formatMsgNoLookups=true (as described below) is suitable to mitigate.