JanusGraph Security Vulnerability -- Using Log4j 2.8.2 with JanusGraph
Hello JanusGraph Development Team
JanusGraph is using Apache log4j. 1.2.x which seems to have security vulnerabilities with deserialization of untrusted data. This will hinder the adoption of JanusGraph due to security reasons.
It seems Log4j 2.8.2 and later versions have resolved this vulnerability. See this: https://logging.apache.org/log4j/2.x/security.html
Is it possible to use Log4j 2.8.2 or above with JanusGraph?