JanusGraph Security Vulnerability -- Using Log4j 2.8.2 with JanusGraph

Graphs <manas...@...>

Hello JanusGraph Development Team

JanusGraph is using Apache log4j. 1.2.x which seems to have security vulnerabilities with deserialization of untrusted data. This will hinder the adoption of JanusGraph due to security reasons.


It seems Log4j 2.8.2 and later versions have resolved this vulnerability. See this: https://logging.apache.org/log4j/2.x/security.html

Is it possible to use Log4j 2.8.2 or above with JanusGraph?