Removing log4j-1.2.15.jar file permanently

Good day,

Is there a way to permanently delete the log4j-1.2.15.jar file that Knime uses? We have a Security Assessment which we keep failing because of this file. I have tried removing it but it keeps appearing again.

I am aware of the blog post by Knime that claims that Knime is not affected by the security risk the file possesses but we are not happy with that.

The files is located in the following location:
C:\Program Files\KNIME\configuration\org.eclipse.osgi\101\0.cp\lib\log4j-1.2.15.jar

Any help would be appreciated :slight_smile:

Best,
Bheeshma

You cannot remove it because we still use Log4j 1.2. We may update to Log4j 2 for the next feature release in summer.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.