Re: Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"


Jansen, Jan
 

Hi Yingjie,

You can also download our latest artifacts from github action. https://github.com/JanusGraph/janusgraph/actions/workflows/ci-release.yml?query=branch%3Amaster+is%3Acompleted

Just go to the last build and download distribution-builds.

Greetings,
Jan

From: janusgraph-users@... <janusgraph-users@...> on behalf of hadoopmarc via lists.lfaidata.foundation <hadoopmarc=xs4all.nl@...>
Sent: Friday, September 16, 2022 2:30 PM
To: janusgraph-users@... <janusgraph-users@...>
Subject: Re: [janusgraph-users] Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"
 
Hi Yingjie,

As edited in my previous reaction, the Cassandra jars in the JanusGraph distribution do not include the log4j jar. As to elasticsearch, your best choices are:
  1. not use mixed indices (check whether your application needs them)
  2. build JanusGraph for the current master branch, as already suggested by Boxuan above. The master branch has a patched Elasticsearch version 7.17

Best wishes,    Marc

Join janusgraph-users@lists.lfaidata.foundation to automatically receive all group messages.