Will there be any problems in directly replacing the version of Log4j.jar from 1.17 to 2.X in SQL Server 2019?

Shi Liu 0 Reputation points
2024-05-13T02:26:20.46+00:00

Hi Team,

Background:

We now have installed Microsoft SQL Server 2019 Express locally. After installation, we found that it automatically uses the Log4j 1.2.17 version jar package. (As shown in the picture.)

log4j

Since the jar package of Log4j version 1.2.17 has security issues, we now want to upgrade this jar package to 2.16.0 version.

Question:

If we directly replace the local Log4j 1.2.17.jar package with the Log4j 2.16.0 version jar package, will it affect the existing data in SQL Server? Or are there any risks?

It would be a big help if you could answer me as soon as possible.

Thanks,

Liu shi

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,851 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Olaf Helper 41,006 Reputation points
    2024-05-13T05:55:51.79+00:00

  2. MikeyQiao-MSFT 575 Reputation points Microsoft Vendor
    2024-05-14T03:17:05.5733333+00:00

    Hi Shi Liu,

    Microsoft released CU16 that includes this log4j resolution.

    https://learn.microsoft.com/en-US/troubleshoot/sql/releases/sqlserver-2019/cumulativeupdate16#14669019

    Best Regards,

    Mikey Qiao


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.