Solved

Necessity log4j version 1.xxxxxx


jvdkleijn_ehv
Contributor

Hello all,

 

Our IT department has the policy to remove all the vulnerable Log4j-related files from the systems which came from a server scan.

 

We have a FME server 2020.1 with engine 2020.2.5

The scan gives the following files:

 

C:\\Program Files\\FMEServer\\Server\\fme\\plugins\\activemq-all-5.6.0.jar

C:\\Program Files\\FMEServer\\Server\\fme\\plugins\\log4j-1.2.16.jar

C:\\Program Files\\FMEServer\\Server\\FMEEngineUpgrade\\plugins\\activemq-all-5.6.0.jar

C:\\Program Files\\FMEServer\\Server\\FMEEngineUpgrade\\plugins\\log4j-1.2.16.jar

C:\\Program Files\\FMEServer\\Server\\lib\\log4j-1.2.14.jar

C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmeapiv4.war

C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmeapiv4\\WEB-INF\\lib\\logback-classic-1.2.3.jar

C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmerest.war","WEB-INF/lib/log4j-1.2.14.jar

C:\\Program Files\\FMEServer\\Utilities\\tomcat\\webapps\\fmerest\\WEB-INF\\lib\\log4j-1.2.14.jar

 

What would be the effect of removing all these files on the working of FME server?

For example, would it demolish or influence the logging system of FME server?

 

With kind regards,

 

John van der Kleijn

Best answer by nielsgerrits

Have you checked the article "Is FME Affected by the Security Vulnerability Reported Against log4j?" already?


5 replies

nielsgerrits
VIP
  • Best Answer
  • February 8, 2022

hkingsbury
Celebrity
  • Celebrity
  • February 8, 2022

Check out that article that @nielsgerrits posted.

I would not advise one bit to remove any logging from FME Server. As a hypothetical scenario, if you removed all those log4j files I would imagine one of two scenarios taking place:

  1. FME Server continues to run, with no logging; errors pop up when you try to load any logs
  2. FME Server doesn't run as it is missing dependencies (and with no logging how're you going to find the issue?)

jvdkleijn_ehv
Contributor
  • Author
  • Contributor
  • February 10, 2022

Yes, we checked the article and replied the content to our IT department.

They do not agree.

Our IT department wants to remove all log4jv1.xxx from the servers.

Their motivation is that log4j1... is out of support. (2015)

Therefore the question about removing Log4j1.xxx

Can it be that log4j1.. comes with the FME installation, but is not used?

If that is the case maybe it can be removed.

If not, what is the policy from Safe on upgrading log4j1... to a newer version?

Regards and thanks for the reply,

 

John van der Kleijn


hkingsbury
Celebrity
  • Celebrity
  • February 10, 2022

I think in that case it would be best to open up a support ticket and/or have a chat with your reseller contact.


jvdkleijn_ehv
Contributor
  • Author
  • Contributor
  • February 11, 2022

Thanks for the reply. I opened a support ticket.

