|
From: <stu...@fu...> - 2022-03-03 05:51:33
|
Hi, We have been using Squirrel SQL in our development environment with Java 8 and our own DB Driver.jar for accessing a BLOB ; works perfectly - thank you. However because of the recent log4j vulnerabilities also impacting versions 1.* of log4j we have been told to stop using squirrel We have attempt to try squirrel 4.3 but because of its requirement requiring java 11 or above, we cannot go to this version. We have even tried the following https://logging.apache.org/log4j/2.x/manual/migration.html#:~:text=You%20may%20be%20able%20to,2's%20log4j%2D1.2%2Dapi i.e. with version 4.1.0 we removed log4j.jar from the lib directory, and added in log4j-1.2-api-2.17.2.jar log4j-api-2.17.2.jar log4j-core-2.17.2.jar and added the system property to your log4j.properties as follows:- log4j1.compatibility=true however Squirrel 4.1.0 fails to launch and we still have the same problem. We really need version 4.1.0 to work with java 8 and to have this log4j vulnerability patched or removed please? Is there any suggestions or workarounds you can suggest? Will version 4.1.0 be patched to fix the log4j vulnerability? Really sorry to ask this. Thank you for your help. Stu Slater Unless otherwise stated, this email has been sent from Fujitsu Services Limited (registered in England No 96056); Fujitsu EMEA PLC (registered in England No 2216100) both with registered offices at: 22 Baker Street, London W1U 3BW; PFU (EMEA) Limited, (registered in England No 1578652) registered offices at: Belmont, Belmont Road, Uxbridge, England, UB8 1HE and Fujitsu Research of Europe Ltd (registered in England No. 4153469) 4th Floor, Building 3, Hyde Park Hayes, 11 Millington Road, Hayes, UB3 4AZ. This email is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu does not guarantee that this email has not been intercepted and amended or that it is virus-free. |
