Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
We are using Talend studio 7.3.1.20202019_1130 and build the jobs and schedule them in Unix server.
The Build provides us log4j..2.12 versions.
We implemented two steps as talend advised to overcome log4j Vulnerability as given below
1) In log4j2 xml file included {nolookups}
2) In Studio under Run/debug JVM arguments added -Dlog4j2.formatMsgNoLookups=true
But our organization recommends following Apache standards "
customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later)"
So please advise how can we go for next steps, do we need to upgrade or any patch available so on, what is the best solution
@sri ranga pavan govinda, please read this page about log4j issue, if you are using enterprise subscription products, raise a ticket on Talend Support Portal to request a patch.
Regards
Shong
Hello guys I was also having trouble doing the update version of the log4j library. Looking on the internet I found this article that was accurate in solving the problem. I hope they help people who use the open version.
Updating Talend Log4j libraries - User's Manual - 7.0 (rob-ex.com)