Re: Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"


Yingjie Li
 

On Sat, Aug 20, 2022 at 09:28 AM, <hadoopmarc@...> wrote:
The JanusGraph and TinkerPop code only explicitly depend on slfj4j, so you can choose the logging implementation. you want You can simply remove the log4j-1.2.17.jar from the lib folder of the janusgraph binary distribution or exclude it in the pom.xml of any project depending on janusgraph.
Note that janusgraph also ships with logback and provides a sample config in conf/logback.xml.
Hello Marc,
If I remove  log4j-1.2.17.jar from the  lib directory of janusgraph distribution, say janusgraph-full-0.6.2/lib,then the  janusgraph server can not be started. Below is the error message, and there is no janusgraph.log writen out. 
Am I missing anything?

Thanks,
Yingjie

......
Forking Cassandra...
Running `nodetool statusbinary`.... OK (returned exit status 0 and printed string "running").
Forking Elasticsearch...
Connecting to Elasticsearch (127.0.0.1:9200)....... OK (connected to 127.0.0.1:9200).
Forking JanusGraph-Server...
Connecting to JanusGraph-Server (127.0.0.1:8182)............................. timeout exceeded (60 seconds): could not connect to 127.0.0.1:8182
See janusgraph install directory/bin/../logs/janusgraph.log for JanusGraph-Server log output.

Join janusgraph-users@lists.lfaidata.foundation to automatically receive all group messages.