How to update log4j version

0
I am able to see log4j-1.2.17.jar in the user lib folder for my application. We are not using any library logging. Don’t know from where this is popping up. Please suggest how to update this to version 2.17.
asked
1 answers
1

It’s likely a dependency of some module you either (a) have in your project now or (b) had installed at one point. 

The file you have is from log4j v1 which is not vulnerable according to: https://logging.apache.org/log4j/2.x/security.html 

It has also been out of maintenance/support for a long time (2015) so I wonder if perhaps it’s left over from long ago or a very old module of your app.


I recommend you review all of the JAR files in your userlib folder and remove those that are no longer needed.

answered
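One way to carry out the JAR review recommended in the answer above, added here as an example and not code from the original post: it lists which JARs in a folder bundle log4j classes and which carry an embedded Maven POM that declares log4j as a dependency, which is usually how an unexpected log4j JAR arrived. The folder layout, the `oldmodule` name and the demo JARs are constructed assumptions, and the POM match is a heuristic.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

# Class files that show which log4j generation a JAR carries (also catches shaded copies).
MARKERS = {"log4j 1.x": "org/apache/log4j/Logger.class",
           "log4j 2.x core": "org/apache/logging/log4j/core/Logger.class"}
# Heuristic: a log4j artifactId inside a <dependency> element of an embedded Maven POM.
POM_DEP = re.compile(r"<dependency>(?:(?!</dependency>).)*?<artifactId>(log4j(?:-core|-api)?)</artifactId>", re.S)

def scan_jar(jar_path):
    """Return findings for one JAR; empty list if it has no trace of log4j."""
    findings = []
    with zipfile.ZipFile(jar_path) as jar:
        names = jar.namelist()
        findings += [f"bundles {label} classes" for label, marker in MARKERS.items() if marker in names]
        for name in names:
            if name.startswith("META-INF/maven/") and name.endswith("/pom.xml"):
                pom = jar.read(name).decode("utf-8", "replace")
                findings += [f"POM depends on {a}" for a in sorted(set(POM_DEP.findall(pom)))]
    return findings

def scan_folder(folder):
    """Map JAR name -> findings for every JAR in the folder that references log4j."""
    report = {}
    for jar_path in sorted(Path(folder).glob("*.jar")):
        findings = scan_jar(jar_path)
        if findings:
            report[jar_path.name] = findings
    return report

def build_demo_folder(folder):
    """Write constructed sample JARs (not real libraries) so the scan can be tried offline."""
    pom = "<project><artifactId>oldmodule</artifactId><dependencies><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version></dependency></dependencies></project>"
    samples = {"log4j-1.2.17.jar": {MARKERS["log4j 1.x"]: ""},
               "oldmodule-1.0.jar": {"META-INF/maven/com.example/oldmodule/pom.xml": pom},
               "unrelated.jar": {"com/example/App.class": ""}}
    for jar_name, entries in samples.items():
        with zipfile.ZipFile(Path(folder) / jar_name, "w") as jar:
            for entry, data in entries.items():
                jar.writestr(entry, data)

if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) < 2:
        build_demo_folder(folder)
    for jar_name, findings in scan_folder(folder).items():
        print(f"{jar_name}: {'; '.join(findings)}")
```

Pass the path of the userlib folder as the first argument; with no argument the script scans the constructed demo JARs instead.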