1) It is recommended to remove APMSqlServer instead of patching the log4j.
- Broadcom Engineering has determined that the external APMSQL Server bundle available as an additional download for APM 10.5 and 10.7 uses an affected version of the Log4j 1.2 and it's use should be discontinued. To replace this functionality, please use the built-in APM RestAPI instead. Please refer to the APM documentation usage of the APM RestAPI to remotely query/download APM metrics over http/https connections."
2) You can install the current Java (do lax updates as needed)
You can install the upgraded JVM/JDK at any location and then modify the Introscope_Enterprise_Manager.lax and Introscope_WebView.lax for JVM path.
You can also install the JVM under APM-HOME/jre (this the default location of the JVM). In this case, you first rename the APM-HOME/jre and then install the new JVM/JDK there.
If you select this procedure, then you do not have to modify the Introscope_Enterprise_Manager.lax and Introscope_WebView.lax as the path remains the same.
APM will be using openJDK.
Presently, customers have two options.
1- Can swap with openJDK.
2- Can install vulnerability mitigation(upgrades) for Oracle Java (Review KB: https://knowledge.broadcom.com/external/article?articleId=132318)
1- Can swap with openJDK.
Manual steps to introduce AdoptOpenJDK
1. Stop Enterprise Manager:
2. Stop WebView:
3. Copy the contents of the jre folder in the <EM_HOME> directory to a new folder jreBackup
4. Delete all the contents inside the jre folder in the <EM_HOME> directory
5. Download the JRE of AdoptOpenJDK and put its contents to the jre folder in the <EM_HOME> directory
6. Start Enterprise Manager and WebView:
7. Verify that AdoptOpenJDK is being used by checking the logs:
In IntroscopeEnterpriseManager.log you should see something like the following:
[INFO] [main] [Manager] Introscope Enterprise Manager Release 10.7.0.220 (Build 994002)
[INFO] [main] [Manager] Using Java VM version "OpenJDK 64-Bit Server VM 1.8.0_222" from AdoptOpenJDK
In IntroscopeWebView.log you should see something like the following:
[INFO] [WebView] Introscope WebView Release 10.7.0.220 (Build 994002)
[INFO] [WebView] Using Java VM version "OpenJDK 64-Bit Server VM 1.8.0_222" from AdoptOpenJDK
8. If you have installed Workstation separately, follow the same process as above:
make sure Workstation is not running
create a backup of its jre folder
copy the contents of the JRE of AdoptOpenJDK into the jre folder of Workstation
9. If accessing Workstation through Webstart and if using AdoptOpenJDK in the machine where you are accessing Workstation, then the Workstation will fail to start.
*You must apply above steps to each of the APM components (for example MoM, Collectors, webview, workstation etc...)
Note: Broadcom is not permitted to distribute any higher versions of Oracle Java. However, if you wish to swap the version of Java within your own installation to a higher update of Oracle or AdoptOpenJDK 1.8, Broadcom . Then, Technical support will support it.