Re: Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"


Hi Yingjie,

The JanusGraph and TinkerPop code only explicitly depend on slfj4j, so you can choose the logging implementation. you want You can simply remove the log4j-1.2.17.jar from the lib folder of the janusgraph binary distribution or exclude in in the pom.xml of any project depending on janusgraph.
Note that janusgraph also ships with logback and provide a sample config in conf/logback.xml.

Best wishes,   Marc

Join { to automatically receive all group messages.