ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Catalyst Container log4j.jar files

book

Article ID: 239101

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

Catalyst 3.4.4.4 contains several appearances of log4j.jar files which appear to be version 1.2.17. The customers security scanner marks this as potentially vulnerable. Are there plans to substitute this with 2.17.1 or higher and are there instructions available how to remove the vulnerable components from this files.

 

Environment

Release : 4.2

Component : SOI INSTALL

Resolution

SOI will be updated to the latest log4j version in SOI 4.2 cu4. The Catalyst container and connectors are not part of SOI 4.2 CU4 release. They have separate releases, and will be worked up on post CU4 release.