What is the package or the equivalent class for DOMConfigurator in log4j version 2.15.0 ?
In an older version 1.7.x it exists in org.apache.log4j.xml.DOMConfigurator, but I can not find it in the new version 2.15.0
Related
I'm having a problem learning to upgrade to log4j2. Before, I used log4j 1 with apache servicemix 6.1.2, when I upgraded to log4j 2, I got an incompatibility error. I am learning to run the application on apache servicemix 7.0.1 to get the latest version of log4j2 .
I have read the document but do not understand which version of servicemix 7.0.1 uses log4j. Can anyone help me?
We use jericho 3.3 that has log4j 1.2.17 as transitive dependency. We plan to upgrade to 2.17.1 for all 3rd party as well as direct dependencies. Jericho 3.4 the latest has log4j api 2.4, how can we achieve to log4j api 2.17.1 ?
I want to upgrade Spark 3.1.2 to the latest version, which now is 3.2.1.
I read the release notes and it seems like the changes are not so significant.
Has anybody encountered some issues during the same update?
Hadoop version I use is 3.1.3. Java version - 1.8
hi I install Elasticsearch v 7.6 and when I know about log4j vulnerability I do scan on log4j files
I found that it use log4j v 2.11 which is vulnerable
this is the files I found
so how could I upgrade it or protect myself from this vulnerability
I have several java applications (running on Linux) that appear to specify a specific "log4j" version in the java executable.... For example:
<path to .../bin/java -Xmx242M -XX:MaxPermSize=160M blahblahblah:<path to log4j-core.jar:blahblah
The log4j version specified in the java executable is 1.2.17 (so...not vulnerable)
However, the vendor says the application uses log4j-core-2.9.1.jar (so... yes vulnerable)?
But if java is specifying the older version, why would the app be using the newer version?
How can I tell for sure which "log4j" is in use?
Make a new folder then unzip the jar file into the folder. Then do Ctrl-F log4j and you will see jar files for log4j with the version on them.