Neo4j

luckyyun · ‎12-12-2021

안녕하세요. 오랜만에 커뮤니티에 질문합니다.
neo4j 4.2.11은 log4j 보안이슈 관련해서 조치방법에 대해 공식가이드를 전달해주지 않나요?
4.2.X 엔터프라이즈 버전을 사용하고 있는데(우분투 os) log4j 보안이슈해결방법에 대해 아시는분이 있다면 상세하게 알려주시면 감사하겠습니다.
[Google translation]
Hello. It's been a while since I asked the community.
Isn't neo4j 4.2.11 an official guide on how to deal with log4j security issues?
I am using the 4.2.X enterprise version (Ubuntu os), and if anyone knows how to solve the log4j security issue, please let me know in detail.

koji · ‎12-12-2021

Hi @luckyyun

This post is helpful.

Log4J CVE Mitigation for Neo4j

Until the official version upgrade, I modified neo4j.conf to fix this.

luckyyun · ‎12-12-2021

안녕하세요 .Koji님

보내주신 URL의 내용을보내주시기 전에 저는 이 글을 먼저 읽고log4j 조치를 했습니다.

그러나 log4j 2.14 버전을 그대로 사용해야되는지 의문입니다.

제 커뮤니티글에 관심가져주셔서 감사합니다.

[Google translation]

Hello, Koji

Before sending the content of the URL you sent, I read this article first and took action on log4j.

But I wonder if I should use the log4j version 2.14 as is.

Thank you for your interest in my community posts.

lia_tasoudi · ‎12-13-2021

If using neo4j version 4.1.11 according to the announcement it uses an unaffected version of log4j neo4j/pom.xml at 4.1.11 · neo4j/neo4j · GitHub.

How can I confirm that is the case in the docker image 4.1.11-enterprise? Where would I look for the version of that dependency?

Neo4j

How to fix neo4j log4j issues