Reputation: 19
how to tell which log4j is my java app using?
I have several java applications (running on Linux) that appear to specify a specific "log4j" version in the java executable.... For example:
<path to .../bin/java -Xmx242M -XX:MaxPermSize=160M blahblahblah:<path to log4j-core.jar:blahblah
The log4j version specified in the java executable is 1.2.17 (so...not vulnerable)
However, the vendor says the application uses log4j-core-2.9.1.jar (so... yes vulnerable)?
But if java is specifying the older version, why would the app be using the newer version?
How can I tell for sure which "log4j" is in use?
Upvotes: 0
Views: 814
Answers (1)
Reputation: 11
Make a new folder then unzip the jar file into the folder. Then do Ctrl-F log4j and you will see jar files for log4j with the version on them.
Upvotes: 1
Related Questions
- How can I find out what version of Log4J I am using?
- How can I check if my Java project uses Log4j and which version?
- How to check the version of log4j used by a given slf4j?
- Log4j - How to log the application name?
- Log4j show package name
- How to know my Java application is run for first time
- How to get jar class is coming from
- log4j: which config file was used?
- How to know where the log4j output come from?
- How can I tell where is Log4j picking its configuration from