You can follow the instructions <https://logging.apache.org/log4j/2.x/security.html> from the Apache Log4j project and just remove the JndiLookup class from the classpath:
- zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class On Tue, 11 Jan 2022 at 20:42, Carmen Molatch <[email protected]> wrote: > Hello > > We have Storm 1.2.2. Do I need to upgrade to a later version or can I > replace the log4j* files (2.8.2) with the latest 2.17.1 files? Is that > advisable or should it be avoided? > > Thank you > > Carmen
