Share via

Apache Log4j Vulnerability - SQL Server Data Tools (SSDT) for Visual Studio

Anthonyus Halim 1 Reputation point
2021-12-15T16:10:07.897+00:00

As part of our CI/CD we are dependent on SSDT component to deploy our SSIS packages to our SQL Database servers. We noticed that the SSDT installation bundled includes the log4j-1.2.17.jar which is End of life since 2015. Is there any plan to update the SSDT to use the latest version of log4j (at least version 2.1.15)?

SQL Server Integration Services
SQL Server Integration Services
A Microsoft platform for building enterprise-level data integration and data transformations solutions.
2,703 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yitzhak Khabinsky 26,586 Reputation points
    2021-12-15T19:24:10.237+00:00
    0 comments
  2. ZoeHui-MSFT 41,491 Reputation points
    2021-12-16T02:59:47.82+00:00

    Hi @Anthonyus Halim ,

    Is there any plan to update the SSDT to use the latest version of log4j

    Log4j2 is a Java library that is deployed as part of a Java application or service, it is not part of Windows or any other Operating System itself.

    Temporarily, I have not found an official documentation about the plan to update the SSDT to use the latest version of log4j.

    Once we got any feedback, I'll post back here.

    Regards,

    Zoe

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.