(7.6+) Updating log4j 2.x to 2.17.1
All versions of the log4j logging framework prior to 2.16 contain a security vulnerability which is mitigated in version 2.16 and higher. We highly recommend upgrading your deployment of log4j to the most recent version using the steps below.
IVG 5.0+ with OS 8
Update Tomcat
Use the following steps to update the Apache Tomcat version.
1. Stop the tomcat service.
2. Copy the contents of the Tomcat_Log4j2.17.1 directory to the IVG server.
3. Back up and remove the existing jar files and configuration script.
4. Navigate to the Log4j2.17.1 directory, then copy new jar files and new configuration script to the tomcat installation path.
5. Set appropriate permissions. The following example will grant permissions to the tomcat-ivg user and group, but you can substitute a different user and group if needed.
6. Start the tomcat service
Update the CTI Event Consumer service
1. Copy the contents of the CTIEventConsumer_log4j2.17.1_IVG5 directory to the IVG server.
2. Stop the holly service.
3. Back up and remove the existing log4j jar files for CTI Event consumer.
4. Navigate to the location of the CTIEventConsumer_log4j2.17.1_IVG5 files and copy the new artifacts into the CTIEventConsumer directory.
5. Set appropriate permissions. The following example will grant permissions to the holly-ivg user and group, but you can substitute a different user and group if needed.
6. Start the holly service.
IVG 5.0+ with OS 7
Update Tomcat
Use the following steps to update the Apache Tomcat version.
1. Stop the tomcat service.
2. Copy the contents of the Tomcat_Log4j2.17.1 and OpenJDK_3.9-through-51_Linux7x directories to the IVG server.
3. Navigate to the OpenJDK_3.9-through-51_Linux7xdirectory and upgrade the OpenJDK version.
If the above command returns package conflicts and fails to install the package, try this alternative:
4. Update the Java path.
5. Back up and remove the existing jar files and configuration script.
6. Navigate to the Log4j2.17.1 directory and copy the new jar files and new configuration script to the appropriate locations.
7. Set appropriate permissions. The following example will grant permissions to the tomcat-ivg user and group, but you can substitute a different user and group if needed.
8. Start the tomcat service.
Update the CTI Event Consumer service
1. Copy the contents of the CTIEventConsumer_log4j2.17.1_IVG5 directory to the IVG server.
2. Stop the holly service.
3. Back up and remove the existing log4j jar files for CTI Event consumer.
4. Navigate to the location of the CTIEventConsumer_log4j2.17.1_IVG5files and copy the new artifacts to the CTIEventConsumer directory.
5. Set appropriate permissions. The following example will grant permissions to the holly-ivg user and group, but you can substitute a different user and group if needed.
6. Start the holly service.
IVG 3.9 to 4.1 with OS 7
Update Tomcat
1. Stop the tomcat service.
2. Copy the contents of the following directories to the IVG server:
- OpenJDK_3.9-through-4.1_Linux79
- Tomcat_Log4j2.17.1
3. Navigate to the OpenJDK_3.9-through-4.1_Linux79 directory and upgrade the OpenJDK version.
If the above command returns package conflicts and fails to install the package, try this alternative:
4. Update the Java path.
5. Back up and remove the existing jar files and configuration script.
6. Navigate to the Tomcat_Log4j2.17.1 directory and copy the new jar files and new configuration script to the Tomcat installation path.
7. Set the appropriate permissions. The following example will grant permissions to the tomcat-ivg user and group, but you can substitute a different user and group if needed.
8. Start the tomcat service.
Update the CTI Event Consumer service
1. Copy the contents of the new CTI Event Consumer artifacts directory (CTIEventConsumer_log4j2.17.1_IVG 3.10-through-4.1) from from the build server to the IVG server.
2. Stop the holly service.
3. Back up and remove the existing log4j jar files for CTI Event Consumer.
4. Navigate to the CTIEventConsumer_log4j2.17.1_IVG 3.10-through-4.1 directory and copy the new artifacts to the appropriate locations.
5. Set appropriate permissions. The following example will grant permissions to the holly-ivg user and group, but you can substitute a different user and group if needed.
6. Start the holly service.
IVG 3.9 to 4.1 with OS 6
Update Tomcat
1. Stop the tomcat service.
2. Copy the contents of the following directories to the IVG server:
- OpenJDK_3.9-through-4.1_Linux610
- Tomcat_Log4j2.17.1
3. Navigate to the OpenJDK_3.9-through-4.1_Linux610 directory and upgrade the OpenJDK version.
If the above command returns package conflicts and fails to install the package, try this alternative:
4. Update the Java path
5. Back up and remove the existing jar files and configuration script.
6. Navigate to the Tomcat_Log4j2.17.1 directory and copy the new jar files and configuration script to the appropriate locations.
7. Set appropriate permissions. The following example will grant permissions to the tomcat-ivg user and group, but you can substitute a different user and group if needed.
8. Start the tomcat service.
Update the CTI Event Consumer service
These steps are only required for IVG 3.10 to 4.1.
1. Copy the contents of the new CTI Event Consumer artifacts directory (CTIEventConsumer_log4j2.17.1_IVG 3.10-through-4.1) from the build server to the IVG server.
2. Stop the holly service.
3. Back up and remove the existing log4j jar files for CTI Event consumer.
4. Navigate to the CTIEventConsumer_log4j2.17.1 directory and copy the new artifacts to the CTI Event Consumer directory.
5. Set appropriate permissions. The following example will grant permissions to the holly-ivg user and group, but you can substitute a different user and group if needed.
6. Start the holly service
IVG 3.5 to 3.8
You will only need to update the Apache Tomcat version when using IVG 3.5 to 3.8.
1. Stop the tomcat service.
2. Copy the contents of the following directories to the IVG server:
- JRE_3.5-through-3.8
- Tomcat_Log4j2.17.1
3. Navigate to the JRE_3.5-through-3.8 directory and upgrade the OpenJDK version.
4. Update the Java path.
5. Back up and remove the existing jar files and configuration script.
6. Navigate to the Tomcat_Log4j2.17.1 directory and copy the new jar files and new configuration script to the Tomcat installation path.
7. Set appropriate permissions. The following example will grant permissions to the tomcat-ivg user and group, but you can substitute a different user and group if needed.
8. Start the tomcat service
Standalone VIS on Windows
Prerequisite
- Log4j version 2.13.0 and higher require Java 8
Upgrade Instructions
- Extract the contents of the log4j2_2.17.1 archive to Tomcat\lib
- Configure the Context element within Tomcat\conf\context.xml to contain swallowOutput="true"
- Launch the Tomcat configuration utlity (Tomcat<version>w located at \\Program Files (x86)\Apache Software Foundation\Tomcat <version>\bin by default)
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\bin
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\lib
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\bin\bootstrap.jar
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\bin\tomcat-juli.jar
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\lib\tomcat-juli-adapters.jar
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\lib\log4j-core-2.17.1.jar
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\lib\log4j-api-2.17.1.jar
- C:\Program Files\Apache Software Foundation\Tomcat {Version}\lib\log4j-jul-2.17.1.jar
3b. Make the following updates in the Java Options section:
- Update the Djava.util.logging.manager property to read -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
- Update the Djava.util.logging.config.file property to read -Djava.util.logging.config.file=C:\Program Files\Apache Software Foundation\Tomcat {Version}\lib\log4j2.xml
4. Restart the tomcat service
Standalone VIS on Linux
For standalone VIS deployments on Linux servers, follow the instructions in the appropriate IVG tab for your CentOS/RHEL version.