Re: Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"


Hi Yingjie,

See my earlier comment, with respect to janusgraph-0.6.2:

>>My suggestion was incomplete. In addition to removing the log4j-1.2.17.jar file from the lib folder, you have to remove the slf4j-log4j12-1.7.30.jar file as well. Otherwise, JanusGraph server starts looking for the log4j jar and crashes, as you found out.

Can you confirm that log4j-2x in the elasticsearch/lib folder now has the required version?

Best wishes,   Marc

Join { to automatically receive all group messages.