Change log4j version

suraj1012
Level 2
The Dataiku installation directory contains log4j 1.2.17. The security team has raised a critical vulnerability regarding this. I know DSS has confirmed that it's not vulnerable to the family of vulnerabilities regarding Log4J. But is it possible to change the log4j jar file to its latest version?


Operating system used: RHEL 7

2 Replies
AlexT
Dataiker

Hi @suraj1012 ,

As noted here: https://doc.dataiku.com/dss/latest/security/index.html

DSS has been verified to not be susceptible to any of the log4j attack vectors.

If you want to reduce the noise from the vuln scanners you will need to upgrade to DSS 11.2.0. 

Please note not to remove or alter the log4j jar file yourself as this will break DSS. 

Thanks

suraj1012
Level 2
Author

Thank you AlexT!

Regards,
Suraj S
