Page History

[updated on 2021 12 17 1314:00 GMT+1]

More about the issue: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

...

...

For collaboration tools (Magic Collaboration Studio, Cameo Collaborator for Teamwork Cloud, Teamwork Cloud)

Option 1

You may prevent lookups in the log event message by adding parameter via command line or in Web Application Platform setenv.sh / setenv.bat properties file.

Configuring setenv.bat file on Windows

If your instance of the Web Application Platform is running on Windows, configure this file by following one of the given workflows.

To configure setenv.bat files when the Web Application Platform is started by running an executable

...

Copy and paste the following line to the setenv.bat file:

set JAVA_OPTS=-Dlog4j.formatMsgNoLookups=true

...

To configure setenv.bat files when the Web Application Platform is started as a service

...

In the command-line interface, run the following command:

.\bin\tomcat<version>.exe //US//WebApp --JvmMs=8000 --JvmMx=8000 ++JvmOptions='-Dlog4j.formatMsgNoLookups=true'

...

Configuring setenv.sh file on Linux and Mac

If your instance of the Web Application Platform is running on Linux or Mac, configure this file by following the steps outlined below.

To configure setenv.sh file on Linux and Mac

...

Copy and paste the following lines to the setenv.sh file:

set JAVA_OPTS=-Dlog4j.formatMsgNoLookups=true

...

)

1. Download the latest log4j 2.16.0 patched version.
2. Replace all log4j 2.x jar files with their respective equivalents from the downloaded version 2.16.0 zip file while keeping the original file name.

...