Detected vulnerability in .install4j/user/log4j-1.2.16.jar file

Article ID: 399389

Products

CA Release Automation - Release Operations Center (Nolio)
CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

The security team has detected a vulnerability in the file <ra_home>/.install4j/user/log4j-1.2.16.jar.
Can this file be deleted?

Environment

Release Automation 6.8, 6.9

Resolution

If the agent version is 6.8 or higher, the file <ra_home>/.install4j/user/log4j-1.2.16.jar can be deleted without any problem.
This is an old file that was used in previous versions of Release Automation (6.6, for example) but is no longer used.
It was not removed during the upgrade.

On a fresh installation of Agent 6.8, log4j-1.2.16.jar is not present.

Version 2.17.2 of log4j is installed.
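
To confirm that the leftover jar is the only log4j 1.x file before deleting it, the install tree can be inventoried. The script below is an added example, not part of the original article or vendor tooling. It assumes the version is embedded in the jar file name; the 2.x jar names and the `lib` directory used when testing it are assumptions, not taken from the product.

```shell
#!/bin/sh
# Added example (not vendor code): inventory log4j jars under a
# Release Automation home and flag the leftover described above.
# Assumption: each jar carries its version in the file name.
# Usage after sourcing this file: audit_log4j /path/to/ra_home [expected_version]

# Print the version embedded in a jar file name, e.g.
#   log4j-1.2.16.jar         -> 1.2.16
#   log4j-1.2-api-2.17.2.jar -> 2.17.2 (log4j 2 bridge jar, not log4j 1.x)
log4j_jar_version() {
    v=$(basename "$1" .jar)
    printf '%s\n' "${v##*-}"
}

# Classify one jar path. $2 is the version expected on Agent 6.8
# (the article states 2.17.2).
#   LEFTOVER: log4j 1.x under .install4j/user, the file this article covers
#   EXPECTED: jar at the expected version
#   REVIEW:   anything else; the article does not cover it
classify_log4j_jar() {
    path=$1
    expected=${2:-2.17.2}
    version=$(log4j_jar_version "$path")
    case "$version" in
        1.*)
            case "$path" in
                */.install4j/user/*) echo "LEFTOVER $version $path" ;;
                *)                   echo "REVIEW $version $path" ;;
            esac ;;
        "$expected") echo "EXPECTED $version $path" ;;
        *)           echo "REVIEW $version $path" ;;
    esac
}

# Walk the install tree and classify every log4j jar found.
audit_log4j() {
    ra_home=$1
    find "$ra_home" -type f -name 'log4j*.jar' | sort |
    while IFS= read -r jar; do
        classify_log4j_jar "$jar" "${2:-2.17.2}"
    done
}
```

A `REVIEW` line means the jar falls outside what this article addresses and should be checked separately before any deletion.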

Additional Information

See also this article for additional information: LOG4J and Agents Upgrade to 6.8