Log4j library of Mid Servers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-04-2022 06:50 PM
The Now Support KB article about Log4J (https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959) says: The MID Server, similarly, is not vulnerable to this exploit but does contain an unused, but potentially vulnerable, version of the log4J library.
Our mid-servers are on Rome and with a higher version of open JDK (1.8.0_231). Meanwhile we still see log4j-core.jar files 2.14.0.0 in the mid server installation folders (Event Management, Discovery, RemoteFile, etc). The question is if this version of log4j-core.jar is not being used, can these log4j-core.jar files be safely removed? Is there a good way to clean them up?
- Labels:
-
MID Server
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-07-2022 01:11 AM
Thank you Maik. I will test the rename and see how it works!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-12-2022 10:34 AM
Hi
any news on that?
Kind regards
Maik