Orchestrator has older version of Apache Log4j 1.2.17
search cancel

Orchestrator has older version of Apache Log4j 1.2.17

book

Article ID: 367877

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

  • The Aria Automation and Orchestrator appliance shows an obsolete log4j library and behaves as transitive dependency
  • The file path is present on the virtual appliance as part of SNMP Plugin: 

/data/vco/usr/lib/vco/app server/temp/dars/o11nplugin-snmp.dar/lib/log4j-1.2.17.jar

 

 

Environment

VMware Aria Automation 8.11.x

VMware Aria Automation Orchestrator 8.11.x 

VMware Aria Automation Orchestrator 8.13

VMware Aria Automation 8.13

VMware Aria Automation 8.16.2

 

 

SNMP plugin version:

SNMP 1.0.8.22047138

Cause

The SNMP plugin has an obsolete RPM installed

 

Resolution

Upgrade to VMware Aria Automation 8.18 

Upgrade to VMware Aria Automation Orchestrator 8.18

Additional Information

Important:

  • Restarting the environment using this documentation will result with older log4j file (/log4j-1.2.17.jar) to be restored when Aria Automation is less than version 8.18

  • Removing the plugin does not remove the jar file Install, update, or delete a plug-in

Powered by Wolken Software