Hello all,
Our IT department has the policy to remove all the vulnarible Log4j related files from the systems which came from a server scan.
We have a FME server 2020.1 with engine 2020.2.5
The scan gives the following files:
C:\\Program Files\\FMEServer\\Server\\fme\\plugins\\activemq-all-5.6.0.jar
C:\\Program Files\\FMEServer\\Server\\fme\\plugins\\log4j-1.2.16.jar
C:\\Program Files\\FMEServer\\Server\\FMEEngineUpgrade\\plugins\\activemq-all-5.6.0.jar
C:\\Program Files\\FMEServer\\Server\\FMEEngineUpgrade\\plugins\\log4j-1.2.16.jar
C:\\Program Files\\FMEServer\\Server\\lib\\log4j-1.2.14.jar
C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmeapiv4.war
C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmeapiv4\\WEB-INF\\lib\\logback-classic-1.2.3.jar
C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmerest.war","WEB-INF/lib/log4j-1.2.14.jar
C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmerest\\WEB-INF\\lib\\log4j-1.2.14.jar
What would be the effect off removing all these files to the working of FME server?
For example, would it demolish or influence the logging system of FME server?
With kind regards,
John van der Kleijn