Upgrade log4j version?

[gm4rtin]

What are the upgrade options and process for log4j 1.2.17 on a VIVO 1.13 installation?  Log4j 1.2.17 is EOL and is being flagged by our vulnerability scanner at "<tomcat>/webapps/vivo/WEB-INF/lib/log4j-1.2.17.jar" and in the build directories.  Thanks in advance.

[Dragan Ivanovic]

Hi,

Thank you for reporting this. I will open a ticket for this and hopefully it might be fixed for VIVO 1.15.0. Meanwhile, I think you can change that in this line - https://github.com/vivo-project/Vitro/blob/main/dependencies/pom.xml#L215. It looks that slf4j-log4j12 version 1.7.26 depends on log4j 1.2.17 (source - https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.26).

Regards,

Dragan ivanovic

On 10/5/2023 12:40 AM, gm4rtin wrote:

What are the upgrade options and process for log4j 1.2.17 on a VIVO 1.13 installation?  Log4j 1.2.17 is EOL and is being flagged by our vulnerability scanner at "<tomcat>/webapps/vivo/WEB-INF/lib/log4j-1.2.17.jar" and in the build directories.  Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "VIVO Tech" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vivo-tech+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vivo-tech/a3a9611f-9cc8-43c5-9c7e-fcd0d119251bn%40googlegroups.com.

[Manuel Hidalgo]

Dear All, 

We would like to export "Entire RDF model for the application (TBox and ABox, including application metadata)", but shows error.  Could be possible to do the same export with some internal instruction ?

Best regards

Manuel

[Brian Lowe]

Hi Manuel,

 

Most likely the error is because the export is taking long enough that the connection between Apache and Tomcat times out.  Assuming there’s enough memory available, you should be able to increase the timeout to the point where it successfully returns the file.  You should be able to add a timeout value to the ProxyPass directive, for example 1200 seconds to give it 20 minutes to return the response:

 

ProxyPass / ajp://localhost:8009/ timeout=1200

 

If you don’t want to monkey with that you might also try the Dump/Restore utility in the Ingest Tools (Site Admin > Ingest Tools > Dump or Restore the knowledge base).  This will output the data in quads format so it can be restored exactly in another VIVO, and you may have better luck getting it to start outputting the response before the timeout intervenes.

 

Brian

 

--

You received this message because you are subscribed to the Google Groups "VIVO Tech" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vivo-tech+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/vivo-tech/CY5PR17MB60236403EB1145E47D23D81BF5702%40CY5PR17MB6023.namprd17.prod.outlook.com.

[Manuel Hidalgo]

Manuel Hidalgo reacted to your message:

---

From: vivo...@googlegroups.com <vivo...@googlegroups.com> on behalf of Brian Lowe <br...@ontocale.com>
Sent: Tuesday, January 23, 2024 7:52:31 PM
To: vivo...@googlegroups.com <vivo...@googlegroups.com>
Subject: [vivo-tech] Re: EXPORT - Entire RDF model for the application

 

To view this discussion on the web visit https://groups.google.com/d/msgid/vivo-tech/VE1P194MB08795CC1C4DBC19177CD6409D2742%40VE1P194MB0879.EURP194.PROD.OUTLOOK.COM.

[Manuel Hidalgo]

Hi Brian, 

Thanks for your suggestions, we are going to modify the timeout.

Manuel

---

De: vivo...@googlegroups.com <vivo...@googlegroups.com> en nombre de Brian Lowe <br...@ontocale.com>
Enviado: martes, 23 de enero de 2024 13:52
Para: vivo...@googlegroups.com <vivo...@googlegroups.com>
Asunto: [vivo-tech] Re: EXPORT - Entire RDF model for the application

 

To view this discussion on the web visit https://groups.google.com/d/msgid/vivo-tech/VE1P194MB08795CC1C4DBC19177CD6409D2742%40VE1P194MB0879.EURP194.PROD.OUTLOOK.COM.