Re: Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"

Yingjie Li

Yes, we use Cassandra and Elasticsearch at the backend  from janusgraph-full-0.6.2  . What  are the steps to disable log4j?  



On Fri, Sep 16, 2022 at 2:30 AM <hadoopmarc@...> wrote:

[Edited Message Follows]

Hi Yingjie,

As to the short term workaround with removing the log4j jars, from the lib folder you can still use the gremlin console if you edit the ext/plugins.txt file and remove the lines with the hadoop and spark plugins.

However, you state that you use elasticsearch, which also ships with log4j in the distribution.

Best wishes,


Edited: cassandra does not ship with log4j

Join { to automatically receive all group messages.