ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Catalyst Container log4j.jar files


Article ID: 239101


Updated On:


CA Service Operations Insight (SOI)


Catalyst contains several appearances of log4j.jar files which appear to be version 1.2.17. The customers security scanner marks this as potentially vulnerable. Are there plans to substitute this with 2.17.1 or higher and are there instructions available how to remove the vulnerable components from this files.



Release : 4.2

Component : SOI INSTALL


SOI will be updated to the latest log4j version in SOI 4.2 cu4. The Catalyst container and connectors are not part of SOI 4.2 CU4 release. They have separate releases, and will be worked up on post CU4 release.