This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 48%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGV%3C/text%3E%3C/svg%3E)
Hello,
Our application is using SQL 2019 Express. After installation of SQL 2019 SQL 2019 Express edition RTM (15.0.2000.5) Log4J components are found under "C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars". We did our analysis and understood that SQL 2019 Express edition RTM (15.0.2000.5) is placing these Log4J binary in "C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars" folder.
However, after installation of SQL 2017 Express edition (14.0.1000.169) the Log4J components are not found in the installation location. There is a vulnerability reported associated with Log4J, so we want to avoid rid of Log4J
Q: Does only SQL 2019 Express edition RTM (15.0.2000.5) installs Log4J components?
Q: Can we know the steps to avoid Log4J components during installation as we don’t require java components for our application?
Q: In the future release of SQL , will Log4J continue to exist.
Kindly resolve these questions soon.
Thanks,
GayatriKumar
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 2%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESX%3C/text%3E%3C/svg%3E)
Hi @Gudala, v s s GayatriKumar ,
We have not received a response from you. Did the reply could help you? If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.
Best regards,
Seeya
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 1%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
Hi @Gudala, v s s GayatriKumar ,
Please read the blog as Tom post which is a official response.
The published list shows affected products only. If a product you seek information on is not listed there, it is because it is not impacted by CVE–2021–44228 or CVE–2021–45046 at the time of this publication. Microsoft continuously monitors for potential threats. For products and services not listed, no action is required by you at this time.
Best regards,
Seeya
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.