Further to my post below and many thanks to max...@he...<mailto:max...@he...>
Unfortunately going to an open JDK of java does not help us; since Java 11 is incompatible with our DB Driver we are using, i.e. we have written our own FIBDBDriver.jar which allows squirrel-sql to interface to our BLOB and query various views and data within this BLOB. This however FIBDBDriver.jar is only compatible with java 8, 7 etc.. .it is not compatible with java 11 or above as when I try and connect I get errors. – sorry I should of said this in my original post.
We have tried this with Open JDK 11.0.8+10 for Windows.
Sorry for not including this information in the original post.
From: Slater, Stuart
Sent: Thursday, March 3, 2022 5:36 AM
To: squ...@li...
Subject: log4j and Squirrel-SQL older versions prior to 4.3
Importance: High
Hi,
We have been using Squirrel SQL in our development environment with Java 8 and our own DB Driver.jar for accessing a BLOB ; works perfectly – thank you.
However because of the recent log4j vulnerabilities also impacting versions 1.* of log4j we have been told to stop using squirrel
We have attempt to try squirrel 4.3 but because of its requirement requiring java 11 or above, we cannot go to this version.
We have even tried the following
https://logging.apache.org/log4j/2.x/manual/migration.html#:~:text=You%20may%20be%20able%20to,2's%20log4j%2D1.2%2Dapi
i.e. with version 4.1.0 we removed log4j.jar from the lib directory, and added in
log4j-1.2-api-2.17.2.jar
log4j-api-2.17.2.jar
log4j-core-2.17.2.jar
and added the system property to your log4j.properties as follows:-
log4j1.compatibility=true
however Squirrel 4.1.0 fails to launch and we still have the same problem.
We really need version 4.1.0 to work with java 8 and to have this log4j vulnerability patched or removed please?
Is there any suggestions or workarounds you can suggest?
Will version 4.1.0 be patched to fix the log4j vulnerability?
Really sorry to ask this.
Thank you for your help.
Stu Slater
Unless otherwise stated, this email has been sent from Fujitsu Services Limited (registered in England No 96056); Fujitsu EMEA PLC (registered in England No 2216100) both with registered offices at: 22 Baker Street, London W1U 3BW; PFU (EMEA) Limited, (registered in England No 1578652) registered offices at: Belmont, Belmont Road, Uxbridge, England, UB8 1HE and Fujitsu Research of Europe Ltd (registered in England No. 4153469) 4th Floor, Building 3, Hyde Park Hayes, 11 Millington Road, Hayes, UB3 4AZ.
This email is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu does not guarantee that this email has not been intercepted and amended or that it is virus-free.
|