Question

Can FME Server 2019.1 continue running without log4j and Apache Tomcat being installed?

1 year ago
September 6, 2023
1 reply
40 views

jambrogi
Contributor
1 reply

A recent vulnerability scan where i work identified both Log 4j and Apache TomCat vulnerabilities with our FME Server applications. I am currently running FME Server 2019.1, I know that particular version of FME does not utilize Log4j , but the files exist as a part of the installation.

Can we simply mitigate these vulnerabilities by removing the log4j and TomCat installation, or do we need to upgrade those install to a more current version? If we install newer versions of both log4j & TomCat will the FME Server 2019.1 application continue to function as expected?

merlinegeorge
Safer
80 replies
1 year ago
September 7, 2023

Hello,

This might be a helpful article to go through to check the CVE Number and associated impact action and instructions for upgrading log4j used in FME Desktop and FME Server.

Apache Log4j Vulnerability: Is FME Impacted?

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Can FME Server 2019.1 continue running without log4j and Apache Tomcat being installed?