Change log4j version
suraj1012
Registered Posts: 11 ✭✭✭
The Dataiku installation directory contains log4j 1.2.17. The security team has raised a critical vulnerability regarding this. I know DSS has confirmed that it's not vulnerable to the family of vulnerabilities regarding Log4J. But is it possible to change the log4j jar file to its latest version?
Operating system used: RHEL 7
Answers
Alexandru Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 1,226 Dataiker
Hi @suraj1012,
As noted here: https://doc.dataiku.com/dss/latest/security/index.html
DSS has been verified to not be susceptible to any of the log4j attack vectors.
If you want to reduce the noise from the vuln scanners you will need to upgrade to DSS 11.2.0.
Please note not to remove or alter the log4j jar file yourself as this will break DSS.
Thanks
Thank you AlexT!
Regards,
Suraj S