This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 22%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Hi Team,
Background:
We now have installed Microsoft SQL Server 2019 Express locally. After installation, we found that it automatically uses the Log4j 1.2.17 version jar package. (As shown in the picture.)
Since the jar package of Log4j version 1.2.17 has security issues, we now want to upgrade this jar package to 2.16.0 version.
Question:
If we directly replace the local Log4j 1.2.17.jar package with the Log4j 2.16.0 version jar package, will it affect the existing data in SQL Server? Or are there any risks?
It would be a big help if you could answer me as soon as possible.
Thanks,
Liu shi
Thank you for your help.
Because our environment cannot install the latest CU, we want to solve this problem by upgrading to Apache Log4j version 2.16.0.
If we download the Apache Log 4j-2.16.0 jar package, and then manually replace the local Log 4j-1.2.17 package with the 2.16.0 version, will there be any problems?
If you know the answer to the above question please help me, thank you.
Hi Shi Liu,
Microsoft released CU16 that includes this log4j resolution.
Best Regards,
Mikey Qiao
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for your help.
Because our environment cannot install the latest CU16, we want to solve this problem by upgrading to Apache Log4j version 2.16.0.
If we download the Apache Log 4j-2.16.0 jar package, and then manually replace the local Log 4j-1.2.17 package with the 2.16.0 version, will it affect the existing data in SQL Server2019? Or are there any problems?
If you know the answer to the above question please help me, thank you.
Log4j2 is a Java library that is deployed as part of a Java application or service, it is not part of Windows or any other Operating System itself.
https://logging.apache.org/log4j/2.x/
will it affect the existing data in SQL Server2019?
It is not a component of the database engine at all, but merely a tool. It can be said with certainty that it will not affect the data of the database.
Regarding Microsoft’s Response to Log4j.
https://msrc.microsoft.com/blog/2021/12/microsofts-response-to-cve-2021-44228-apache-log4j2/