• EN
Question

Can FME Server 2019.1 continue running without log4j and Apache Tomcat being installed?

  • 6 September 2023
  • 1 reply
  • 20 views
jambrogi
Rank
Badge

A recent vulnerability scan where i work identified both Log 4j and Apache TomCat vulnerabilities with our FME Server applications. I am currently running FME Server 2019.1, I know that particular version of FME does not utilize Log4j , but the files exist as a part of the installation.

 

Can we simply mitigate these vulnerabilities by removing the log4j and TomCat installation, or do we need to upgrade those install to a more current version? If we install newer versions of both log4j & TomCat will the FME Server 2019.1 application continue to function as expected?

1 reply

merlinegeorge
Rank
Badge +5

Hello,

 

This might be a helpful article to go through to check the CVE Number and associated impact action and instructions for upgrading log4j used in FME Desktop and FME Server.

Apache Log4j Vulnerability: Is FME Impacted?

Reply


Community Stats

28,867
Posts
109,983
Replies
36,672
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.