Log4j library of Mid Servers

Joanna15
Tera Expert

The Now Support KB article about Log4J (https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959) says: The MID Server, similarly, is not vulnerable to this exploit but does contain an unused, but potentially vulnerable, version of the log4J library.

Our mid-servers are on Rome and with a higher version of open JDK (1.8.0_231). Meanwhile we still see log4j-core.jar files 2.14.0.0 in the mid server installation folders (Event Management, Discovery, RemoteFile, etc). The question is if this version of log4j-core.jar is not being used, can these log4j-core.jar files be safely removed? Is there a good way to clean them up?

6 REPLIES 6

Thank you Maik. I will test the rename and see how it works! 

Hi @Joanna

any news on that?

Kind regards
Maik