Can FME Server 2019.1 continue running without log4j and Apache Tomcat being installed?

  • 6 September 2023
  • 1 reply


A recent vulnerability scan where i work identified both Log 4j and Apache TomCat vulnerabilities with our FME Server applications. I am currently running FME Server 2019.1, I know that particular version of FME does not utilize Log4j , but the files exist as a part of the installation.


Can we simply mitigate these vulnerabilities by removing the log4j and TomCat installation, or do we need to upgrade those install to a more current version? If we install newer versions of both log4j & TomCat will the FME Server 2019.1 application continue to function as expected?

1 reply

Badge +5



This might be a helpful article to go through to check the CVE Number and associated impact action and instructions for upgrading log4j used in FME Desktop and FME Server.

Apache Log4j Vulnerability: Is FME Impacted?