Forum Discussion
Security Issue with log4j ?
Hello,
we found the log4j.jar files in an Microsoft SQL folder.
Most likely those files are only used when you use an ODBJC connector?
Am I right?
By default those Java files are no problem anyway, whenever Javascript is not installed on the SQL server, correct?
(I could not find anything about it on the microsoft SQL website)
Thanks for your thoughts.
Directory: C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 9/24/2019 4:21 PM 489884 log4j-1.2.17.jar
-a---- 9/24/2019 4:21 PM 8869 slf4j-log4j12-1.7.5.jar
- SQL Server does install log4j, more info here:
https://docs.microsoft.com/en-us/answers/questions/662469/log4j-vulnerability-concerns.html
- When you install SQL Server then it also installs log4j
Carsten2021 , MS SQL Server do not install nor utilize any Java components.
Is it possible, that you have installed a third-party product as extension for SSIS?
- SQL Server does install log4j, more info here:
https://docs.microsoft.com/en-us/answers/questions/662469/log4j-vulnerability-concerns.html- Will there be any impact if we delete log4j from below directory
Directory: C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars
Is there any way to restore it back (after deleting) and upgrade the log4j version?
- There is a software installed, but no Java. I guess it came with SQL Express ...
