Skip to main content
Question

Can FME Server 2019.1 continue running without log4j and Apache Tomcat being installed?

  • September 6, 2023
  • 1 reply
  • 40 views

jambrogi
Contributor
Forum|alt.badge.img+3

A recent vulnerability scan where i work identified both Log 4j and Apache TomCat vulnerabilities with our FME Server applications. I am currently running FME Server 2019.1, I know that particular version of FME does not utilize Log4j , but the files exist as a part of the installation.

 

Can we simply mitigate these vulnerabilities by removing the log4j and TomCat installation, or do we need to upgrade those install to a more current version? If we install newer versions of both log4j & TomCat will the FME Server 2019.1 application continue to function as expected?

1 reply

merlinegeorge
Safer
Forum|alt.badge.img+5

Hello,

 

This might be a helpful article to go through to check the CVE Number and associated impact action and instructions for upgrading log4j used in FME Desktop and FME Server.

Apache Log4j Vulnerability: Is FME Impacted?


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings