Got it, thanks Tim! So it sounds like our only option would be to upgrade to Dspace 7.x if we need to use the new version of Log4j.
Thanks for the quick response to this! -Braxton VanGundy On Tuesday, December 14, 2021 at 5:02:28 PM UTC-5 Tim Donohue wrote: > Hi Braxton, > > It's not possible to get DSpace 6.x or below to use log4j v2 without > significant code changes (as log4j v2 is not backwards compatible with > log4j v1). The effort to upgrade DSpace 7.x to use log4j v2 required over > 1,000 lines of code to be changed, see: > https://github.com/DSpace/DSpace/pull/2241 At this point in time, we do > not have a way to backport that effort to DSpace 6.x (or below). > > Tim > > On Tuesday, December 14, 2021 at 3:58:09 PM UTC-6 [email protected] wrote: > >> Hello, >> >> We are on Dspace 6.3 and we are trying to update our log4J jar file to >> the latest 2.16.0 version. Even though the log4j 1.X.X files are not >> included in the latest vulnerability, we still would like to upgrade it. >> >> We changed out the log4j-1.2.17.jar file in ROOT/WEB-INF/lib/ with >> the log4j-core-2.16.0.jar file (and restarted the app), however the logs >> show that the app is still looking for the original log4j-1.2.17.jar file. >> I thought dspace was configured to look at the contents of the >> ROOT/WEB-INF/lib/ folder and load the libraries based on that, but it looks >> like I was wrong. What do I have to do to get dspace to use this new Jar? >> >> Thank you, >> Braxton VanGundy >> > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-community/02cfb30e-9530-44a6-adf4-6201100cbf55n%40googlegroups.com.
