ConfD User Community

ConfD Java API in old ConfD installation

Hi, Is it possible to use the latest Java API jar(ex: conf-api-7.6.3.jar) in old ConfD binary(ex: 6.6.1) installation?
I would like to use the latest jar to take care of the log4j vulnerabilities.

Definitely not without lots of changes on many places. ConfD-6.6.1 is almost 4 years old and there were changes that can make this even impossible.

But you have other options:

  • If your main concern is log4j, you might be able to use recent version of that with log4j 1.x bridge; so you would stay with the old Java ConfD API, but bind to new log4j 2 version using the bridge.

  • If your main concern is log4j and of that the recently discovered log4shell vulnerability, I believe you can stay calm and ignore it - the vulnerability applies to log4j 2, pre-7.3 ConfD releases use log4j 1 which is not affected.

Thanks for your input. I will check.