cancel
Showing results for 
Search instead for 
Did you mean: 

How to fix neo4j log4j issues

luckyyun
Node Link

안녕하세요. 오랜만에 커뮤니티에 질문합니다.
neo4j 4.2.11은 log4j 보안이슈 관련해서 조치방법에 대해 공식가이드를 전달해주지 않나요?
4.2.X 엔터프라이즈 버전을 사용하고 있는데(우분투 os) log4j 보안이슈해결방법에 대해 아시는분이 있다면 상세하게 알려주시면 감사하겠습니다.
[Google translation]
Hello. It's been a while since I asked the community.
Isn't neo4j 4.2.11 an official guide on how to deal with log4j security issues?
I am using the 4.2.X enterprise version (Ubuntu os), and if anyone knows how to solve the log4j security issue, please let me know in detail.

3 REPLIES 3

koji
Ninja
Ninja

Hi @luckyyun

This post is helpful.

Log4J CVE Mitigation for Neo4j

Until the official version upgrade, I modified neo4j.conf to fix this.

안녕하세요 .Koji님

보내주신 URL의 내용을보내주시기 전에 저는 이 글을 먼저 읽고log4j 조치를 했습니다.

그러나 log4j 2.14 버전을 그대로 사용해야되는지 의문입니다.

제 커뮤니티글에 관심가져주셔서 감사합니다.

[Google translation]

Hello, Koji

Before sending the content of the URL you sent, I read this article first and took action on log4j.

But I wonder if I should use the log4j version 2.14 as is.

Thank you for your interest in my community posts.

3X_5_8_58bc56824090e5ff9034365c7fac0ed1f5d51c6a.png

If using neo4j version 4.1.11 according to the announcement it uses an unaffected version of log4j neo4j/pom.xml at 4.1.11 · neo4j/neo4j · GitHub.

How can I confirm that is the case in the docker image 4.1.11-enterprise? Where would I look for the version of that dependency?