Re: Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"
hadoopmarc@...
Hi Yingjie,
See my earlier comment, with respect to janusgraph-0.6.2:
>>My suggestion was incomplete. In addition to removing the log4j-1.2.17.jar file from the lib folder, you have to remove the slf4j-log4j12-1.7.30.jar file as well. Otherwise, JanusGraph server starts looking for the log4j jar and crashes, as you found out.
Can you confirm that log4j-2x in the elasticsearch/lib folder now has the required version?
Best wishes, Marc
See my earlier comment, with respect to janusgraph-0.6.2:
>>My suggestion was incomplete. In addition to removing the log4j-1.2.17.jar file from the lib folder, you have to remove the slf4j-log4j12-1.7.30.jar file as well. Otherwise, JanusGraph server starts looking for the log4j jar and crashes, as you found out.
Can you confirm that log4j-2x in the elasticsearch/lib folder now has the required version?
Best wishes, Marc