Deleting outdated log4j 1.2.17.jar files
search cancel

Deleting outdated log4j 1.2.17.jar files

book

Article ID: 234734

calendar_today

Updated On:

Products

CA Service Desk Manager CA Service Management - Service Desk Manager

Issue/Introduction

Installed the cum12 patch in our SDM 17.3 environment in order to update log4j files to v2.17.1.

After the patch install, there are still several copies of log4j-1.2.17.jar  and log4j-1.2.17-cloudera1.jar located in the lib folder of  \CATALINA_BASE\ sub folders.

Can these old log4j-1.2.17 type files be deleted?

Environment

Release : 17.3

Component :

Resolution

The given jar files log4j-1.2.17.jar and log4j-1.2.17-cloudera1.jar need to be kept in place on the servers as they are required for internal SDM functionality.  These jar files will eventually be updated in future RU updates.  Additionally, these files should not cause any concern for the log4j vulnerability that was reported in December, 2021.

Additional Information

Any jar files that are located in the SC/logs folders, ie X:\Program Files (x86)\CA\SC\logs202011031415\ can be deleted safely as these are from patch install attempts and are residual content that are not being leveraged actively by product functionality.