|
From: Gerd W. <ger...@t-...> - 2022-03-09 19:37:46
|
Sorry, but the only SQuirreL versions without Log4J dependency are snapshot 20220222_1929 or higher. The latest snapshot is available here: https://sourceforge.net/projects/squirrel-sql/files/3-snapshots/ As SQuirreL is open source you may well try to check out the source code of the "4.2.0 release" commit which was about the last Java 8 compatible version and the patch the changes which removed Log4J back to this version. If you do so your are only obliged to make your changes open source available. Your could do so for example by dropping a patch here: https://sourceforge.net/p/squirrel-sql/patches/ Gerd Am 03.03.22 um 06:35 schrieb stu...@fu...: > Hi, > > We have been using Squirrel SQL in our development environment with Java > 8 and our own DB Driver.jar for accessing a BLOB ; works perfectly – > thank you. > > However because of the recent log4j vulnerabilities also impacting > versions 1.* of log4j we have been told to stop using squirrel > > We have attempt to try squirrel 4.3 but because of its requirement > requiring java 11 or above, we cannot go to this version. > > We have even tried the following > > https://logging.apache.org/log4j/2.x/manual/migration.html#:~:text=You%20may%20be%20able%20to,2's%20log4j%2D1.2%2Dapi > <https://logging.apache.org/log4j/2.x/manual/migration.html#:~:text=You%20may%20be%20able%20to,2's%20log4j%2D1.2%2Dapi> > > > i.e. with version 4.1.0 we removed log4j.jar from the lib directory, and > added in > > log4j-1.2-api-2.17.2.jar > > log4j-api-2.17.2.jar > > log4j-core-2.17.2.jar > > and added the system property to your log4j.properties as follows:- > > log4j1.compatibility=true > > however Squirrel 4.1.0 fails to launch and we still have the same problem. > > > We really need version 4.1.0 to work with java 8 and to have this log4j > vulnerability patched or removed please? > > Is there any suggestions or workarounds you can suggest? > > Will version 4.1.0 be patched to fix the log4j vulnerability? > > Really sorry to ask this. > > Thank you for your help. > > Stu Slater > > Unless otherwise stated, this email has been sent from Fujitsu Services > Limited (registered in England No 96056); Fujitsu EMEA PLC (registered > in England No 2216100) both with registered offices at: 22 Baker Street, > London W1U 3BW; PFU (EMEA) Limited, (registered in England No 1578652) > registered offices at: Belmont, Belmont Road, Uxbridge, England, UB8 1HE > and Fujitsu Research of Europe Ltd (registered in England No. 4153469) > 4th Floor, Building 3, Hyde Park Hayes, 11 Millington Road, Hayes, UB3 4AZ. > > This email is only for the use of its intended recipient. Its contents > are subject to a duty of confidence and may be privileged. Fujitsu does > not guarantee that this email has not been intercepted and amended or > that it is virus-free. > > > > _______________________________________________ > Squirrel-sql-users mailing list > Squ...@li... > https://lists.sourceforge.net/lists/listinfo/squirrel-sql-users |
