Hello, you probably have seen CVE-2021-44228, which affects log4j. After analyzing the products' use of log4j, this is what we came down to as a public message:
...
** Queries sent by VidiCore are logged by Solr. However, special characters are escaped as part of the query. Hence, an attacker cannot perform a query and make Solr emit the ${jndi: text.
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228