Can FME Server 2019.1 continue running without log4j and Apache Tomcat being installed?

Question

A recent vulnerability scan where i work identified both Log 4j and Apache TomCat vulnerabilities with our FME Server applications. I am currently running FME Server 2019.1, I know that particular version of FME does not utilize Log4j , but the files exist as a part of the installation.

Can we simply mitigate these vulnerabilities by removing the log4j and TomCat installation, or do we need to upgrade those install to a more current version? If we install newer versions of both log4j & TomCat will the FME Server 2019.1 application continue to function as expected?

Page 1 / 1

Hello,

This might be a helpful article to go through to check the CVE Number and associated impact action and instructions for upgrading log4j used in FME Desktop and FME Server.

Apache Log4j Vulnerability: Is FME Impacted?

Reply

merlinegeorge · Answer

Hello,This might be a helpful article to go through to check the CVE Number and associated impact action and instructions for upgrading log4j used in FME Desktop and FME Server.  Apache Log4j Vulnerability: Is FME Impacted?

Reply

Community Stats

Sign up

An FME Account is required to contribute

Login to the community

An FME Account is required to contribute

Scanning file for viruses.

This file cannot be downloaded