Log4j Vulnerability for janusgraph


nidhi.vinaykiya27@...
 

I am using JanusGraph 0.5.2. How can I get rid of the log4j vulnerability that 1.2.x has? Will 0.5.2 support log4j 2.17.x [maybe install the binary of log4j 2.17.x]? Or do we have any other log4j alternatives that JanusGraph 0.5.2 can support? If yes, do we have a document on how that can be integrated with JanusGraph?


Vinayak Bali
 

Hi Nidhi, 

I have faced the same problem. Previous log4j versions have vulnerabilities and security threats. But the good part is that those issues were addressed in the latest versions. Using the latest version resolved the issue for me. You can try using the latest version.

Thanks & Regards,
Vinayak 

On Mon, 25 Apr 2022, 5:01 pm , <nidhi.vinaykiya27@...> wrote:
I am using JanusGraph 0.5.2. How can I get rid of the log4j vulnerability that 1.2.x has? Will 0.5.2 support log4j 2.17.x [maybe install the binary of log4j 2.17.x]? Or do we have any other log4j alternatives that JanusGraph 0.5.2 can support? If yes, do we have a document on how that can be integrated with JanusGraph?


Ronnie
 

https://docs.janusgraph.org/master/changelog/#upgrade-of-log4j-to-version-2 - I see a fix for this in the upcoming 1.0.0 release, but it would be great if this could be made available as a patch release sooner.

@Vinayak, please can you elaborate on how exactly you used the latest version of the log4j libraries?


nidhi.vinaykiya27@...
 

Even the latest release, JanusGraph 0.6.1, used log4j 1.2.x. How were you able to fix it?


nidhi.vinaykiya27@...
 

@Ronnie, I agree. A patch release would help. But we are not sure when that's going to come. Do we have any other alternative?


Vinayak Bali
 

Hi, 

Try updating the jar file; I mean deleting the earlier one and placing the new one in the lib folder. There might be some other changes required, not sure. I was working with JanusGraph before; now I have shifted to another graph. I hope this helps.

Thanks and Regards,
Vinayak

On Wed, 27 Apr 2022, 10:37 pm , <nidhi.vinaykiya27@...> wrote:
@Ronnie, I agree. A patch release would help. But we are not sure when that's going to come. Do we have any other alternative?
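An added check, not posted by anyone in this thread: a small shell audit that lists the log4j jars in a JanusGraph lib folder and flags any from the 1.2.x line, so that the jar swap suggested above can be verified afterwards. It assumes versions appear in the jar file names (log4j-1.2.17.jar, log4j-core-2.17.1.jar style); the sample lib directory it builds is constructed for the demo.

```shell
#!/bin/sh
# Added example: inventory log4j jars under a JanusGraph lib/ directory.
# Versions are taken from the file name (text after the last '-'), which is
# how the jars shipped with JanusGraph are named. Paths here are constructed.

# Print "<jar> <version> <status>" for every log4j*.jar in $1.
# status: VULNERABLE-EOL for 1.2.x, OK for 2.17.x or newer, REVIEW otherwise.
audit_log4j() {
  libdir=$1
  for jar in "$libdir"/log4j*.jar; do
    [ -e "$jar" ] || continue          # no match: the glob stays literal
    name=$(basename "$jar" .jar)
    version=${name##*-}                # strip up to the last '-'
    case $version in
      1.2.*)                         status=VULNERABLE-EOL ;;
      2.1[7-9].*|2.[2-9][0-9].*)     status=OK ;;
      *)                             status=REVIEW ;;
    esac
    echo "$name $version $status"
  done
}

# Succeed (exit 0) when at least one log4j 1.2.x jar is still present.
has_vulnerable_log4j() {
  audit_log4j "$1" | grep -q 'VULNERABLE-EOL'
}

# Demo on a constructed lib/ directory (empty files stand in for jars).
demo_lib=$(mktemp -d)
touch "$demo_lib/log4j-1.2.17.jar" \
      "$demo_lib/log4j-core-2.17.1.jar" \
      "$demo_lib/slf4j-api-1.7.30.jar"
audit_log4j "$demo_lib"
if has_vulnerable_log4j "$demo_lib"; then
  echo "log4j 1.2.x still present in $demo_lib"
fi
rm -rf "$demo_lib"
```

Swapping the 1.2.x jar for a 2.x jar is not a drop-in change for code compiled against the log4j 1.x API; Log4j 2 ships a separate log4j-1.2-api bridge jar for that case, and the script above would report it as OK by its 2.x version.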