Log4j library of Mid Servers

Joanna15
Tera Expert

‎01-04-2022 06:50 PM

The Now Support KB article about Log4J (https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959) says: The MID Server, similarly, is not vulnerable to this exploit but does contain an unused, but potentially vulnerable, version of the log4J library.

Our mid-servers are on Rome and with a higher version of open JDK (1.8.0_231). Meanwhile we still see log4j-core.jar files 2.14.0.0 in the mid server installation folders (Event Management, Discovery, RemoteFile, etc). The question is if this version of log4j-core.jar is not being used, can these log4j-core.jar files be safely removed? Is there a good way to clean them up?

Labels:
0 Helpfuls
  • 2,591 Views
6 REPLIES 6

Joanna15
Tera Expert
In response to Maik Skoddow

‎01-07-2022 01:11 AM

Thank you Maik. I will test the rename and see how it works! 

0 Helpfuls

Maik Skoddow
Tera Patron
Tera Patron
In response to Joanna15

‎01-12-2022 10:34 AM

Hi @Joanna

any news on that?

Kind regards
Maik

0 Helpfuls