Page History
...
For collaboration tools (Magic Collaboration Studio, Cameo Collaborator for Teamwork Cloud, Teamwork Cloud)
...
In your installation base, please search for the following files: webapp.war, admin.war, collaborator.war, document-exporter.war, resource-usage-map.war, resources.war. If you do not find any result, you can stop the procedure here. Your installation does not contain web applications
If you find a match, you might need to replace log4j2 libraries inside found war files (for example webapp.war). Please execute these steps:
- Make sure application is not running
- Download log4j v2.16.0 (or
...
- 2.17.0
...
- ) from apache website (link)
- Uncompress(unzip) webapp.war into any tmp folder
- Search now for these jar files among unzipped ones
o log4j-core-2.*.jar
o log4j-api-2.*.jar
- Replace any match by the 2.16.0 (or 2.17.0) version. Make sure the original filename is unchanged. See example below.
- Compress(zip) all extracted files back to webapp_patched.war. Make sure files structure in new war is same as in original war.
- Replace original webapp.war with webapp_patched.war and restore name back to webapp.war
- Look for a folder named webapp next to webapp.war. Delete it if found.
- Start application
Example - if you find
...
Example:
...
log4j-core-2.11.2.jar:
...
- Remove log4j-core-2.11.2.jar
...
- Copy log4j-core-2.16.0.jar
...
- to the same location
- Rename log4j-core-2.
...
- 16.
...
- 0.jar
...
- to log4j-core-2.11.2.jar
See the detailed procedure to mitigate the risk concerning the CVE-2021-44228 vulnerability.
...