Installed the cum12 patch in our SDM 17.3 environment in order to update log4j files to v2.17.1.

After the patch install, there are still several copies of log4j-1.2.17.jar  and log4j-1.2.17-cloudera1.jar located in the lib folder of  \CATALINA_BASE\ sub folders.

Can these old log4j-1.2.17 type files be deleted?

Release : 17.3

Component :

The given jar files log4j-1.2.17.jar and log4j-1.2.17-cloudera1.jar need to be kept in place on the servers as they are required for internal SDM functionality.  These jar files will eventually be updated in future RU updates.  Additionally, these files should not cause any concern for the log4j vulnerability that was reported in December, 2021.

Any jar files that are located in the SC/logs folders, ie X:\Program Files (x86)\CA\SC\logs202011031415\ can be deleted safely as these are from patch install attempts and are residual content that are not being leveraged actively by product functionality.