ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Catalyst Container log4j.jar files
book
Article ID: 239101
calendar_today
Updated On:
Products
CA Service Operations Insight (SOI)
Issue/Introduction
Catalyst 3.4.4.4 contains several appearances of log4j.jar files which appear to be version 1.2.17. The customers security scanner marks this as potentially vulnerable. Are there plans to substitute this with 2.17.1 or higher and are there instructions available how to remove the vulnerable components from this files.
Environment
Release : 4.2
Component : SOI INSTALL
Resolution
SOI will be updated to the latest log4j version in SOI 4.2 cu4. The Catalyst container and connectors are not part of SOI 4.2 CU4 release. They have separate releases, and will be worked up on post CU4 release.