'Apache Log4j Unsupported Version Detection under Visual Studio 2017

we have installed Visual Studio 2017 in our desktop. thru the Vulnerability scan, below issues raised. What would be the possible way to fix this issue. Shall we simply replace the Log4J jar file with the updated version in the below path ?

Path : C:\Program Files (x86)\Microsoft Visual Studio\2017\SQL\Common7\IDE\CommonExtensions\Microsoft\SSIS\150\Extensions\Common\Jars\log4j-1.2.17.jar

Installed version : 1.2.17 Fixed version : 2.16.0

visual-studio-2017log4j


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Visual Studio - suddenly cannot debug tests

Why does my extension's menu item not appear?

How to solve the error "Must use PackageReference"?

Can't install DotNetNuke (DNN) Development Project Templates on Visual Studio 2017

Need to retrieve images (Varbinary MAX) from SQL Server 2014 to Xamarin by using C#

How avoid new instance of Visual Studio when hit debugger statement in javascript

Is it able to ignore/disable the first step Get source in vNext Build?

Visual Studio showing false errors

Visual Studio Crashes When Adding a DataSet to a Report, Could not load file or assembly

Unwanted *.js and *.js.map files are being generated from .ts in some areas of project

VSTest Task running v1 when v2 expected, vstestLocation ignored

How can I refresh the list of remote branches in my Visual Studio 2017 Team Explorer panel?

Nuget Package Source is not prompting for credentials

tf.exe "you are not authorized to access", is not accepting my login parameter

How to remove BOM (Byte Order Mark) in CSV export using visual studio SSRS 2017