Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Log4j library of Mid Servers

Joanna15
Tera Expert

‎01-04-2022 06:50 PM

The Now Support KB article about Log4J (https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959) says: The MID Server, similarly, is not vulnerable to this exploit but does contain an unused, but potentially vulnerable, version of the log4J library.

Our mid-servers are on Rome and with a higher version of open JDK (1.8.0_231). Meanwhile we still see log4j-core.jar files 2.14.0.0 in the mid server installation folders (Event Management, Discovery, RemoteFile, etc). The question is if this version of log4j-core.jar is not being used, can these log4j-core.jar files be safely removed? Is there a good way to clean them up?

Labels:
0 Helpfuls
  • 2,707 Views
6 REPLIES 6

Joanna15
Tera Expert
In response to Maik Skoddow

‎01-07-2022 01:11 AM

Thank you Maik. I will test the rename and see how it works! 

0 Helpfuls

Maik Skoddow
Tera Patron
Tera Patron
In response to Joanna15

‎01-12-2022 10:34 AM

Hi @Joanna

any news on that?

Kind regards
Maik

0 Helpfuls