Re: Janusgraph-full-0.6.1: how to fix "WARNING: Critical severity vulnerabilities were found with Log4j!"


Yingjie Li
 

Hello Marc,

For this build, in directory janusgraph-full-1.0.0-SNAPSHOT/lib, there are log4j-1.2.17.jar, log4j-api-2.18.0.jar, log4j-core-2.18.0.jar, log4j-slf4j-impl-2.18.0.jar, but no slf4j-log4j12-1.7.30.jar.

In directory janusgraph-full-1.0.0-SNAPSHOT/elasticsearch/lib, there are elasticsearch-log4j-7.17.5.jar and log4j-api-2.17.1.jar.

Yingjie


On Fri, Sep 30, 2022 at 1:51 AM <hadoopmarc@...> wrote:
Hi Yingjie,

See my earlier comment, with respect to janusgraph-0.6.2:

>>My suggestion was incomplete. In addition to removing the log4j-1.2.17.jar file from the lib folder, you have to remove the slf4j-log4j12-1.7.30.jar file as well. Otherwise, JanusGraph server starts looking for the log4j jar and crashes, as you found out.

Can you confirm that log4j-2x in the elasticsearch/lib folder now has the required version?

Best wishes,   Marc
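
The manual jar inventory exchanged in this thread can be scripted. The following is an added example, not part of the original messages or of JanusGraph: it classifies Log4j-related jars by file name only, and checks for the slf4j-log4j12 binding left behind without its log4j 1.x jar. The function names, status labels and the `MIN_LOG4J2` default are assumptions for illustration.

```shell
#!/bin/sh
# Added example: inventory Log4j-related jars by file name (jar contents are not inspected).
# MIN_LOG4J2 is an assumed threshold; set it to the version your scanner requires.
MIN_LOG4J2="${MIN_LOG4J2:-2.17.1}"

# version_lt A B: succeeds when dotted numeric version A is lower than B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# audit_log4j DIR...: print one "STATUS path" line per jar whose name contains "log4j".
audit_log4j() {
    find "$@" -type f -name '*log4j*.jar' | sort |
    while IFS= read -r jar; do
        name=$(basename "$jar" .jar)
        ver=${name##*-}
        case "$name" in
            slf4j-log4j12-*)
                echo "LOG4J1-BINDING $jar" ;;
            log4j-api-*|log4j-core-*|log4j-slf4j-impl-*|log4j-1.2-api-*)
                case "$ver" in
                    *[!0-9.]*) echo "REVIEW $jar" ;;   # non-numeric suffix, check by hand
                    *) if version_lt "$ver" "$MIN_LOG4J2"
                       then echo "LOG4J2-OLD $jar"
                       else echo "LOG4J2-OK $jar"
                       fi ;;
                esac ;;
            log4j-1.*)
                echo "LOG4J1 $jar" ;;
            *)  # e.g. a vendor wrapper whose version is not a Log4j version
                echo "REVIEW $jar" ;;
        esac
    done
}

# orphan_binding DIR: succeeds when DIR holds an slf4j-log4j12 binding but no
# log4j 1.x jar, the combination the thread reports as crashing the server.
orphan_binding() {
    ls "$1"/slf4j-log4j12-*.jar >/dev/null 2>&1 &&
    ! ls "$1"/log4j-1.*.jar >/dev/null 2>&1
}

# Usage: sh audit.sh janusgraph-full-1.0.0-SNAPSHOT
if [ "$#" -gt 0 ]; then audit_log4j "$@"; fi
```

Run it against the unpacked distribution directory; any `LOG4J1`, `LOG4J1-BINDING` or `LOG4J2-OLD` line is a jar to remove or replace, and `REVIEW` lines need a manual look.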
