How to: Manually update your Apache log4j jar files to prevent security vulnerabilities
Introduction:
The TRUECHART team is aware of the published security vulnerability in Apache Log4j, reference CVE-2021-44228.
You can manually update this file without having to upgrade your TRUECHART software by following the below steps:
The new version of Apache logj4: log4j-2.17.1.zip
- Stop the running TrueChart Service.
- Navigate to the installation folder of TrueChart, default location might vary. Navigate into the WebApps \ TRUECHARTService \ WEB-INF \ lib folder, find the existing 3 log4j jar files which should be version 2.14.# and prior, delete all 3 and replace them with the ones in the attached zip file. It is important that the older files are deleted.
- C:\Program Files\High Coordination\Webapps\TRUECHARTService\WEB-INF\lib
- In the Webapps folder, you will also notice another file called TRUECHARTService.war.
- This can be opened with an archiving application called Winrar. Open it and navigate to the WEB-INF \ lib folder. Find those same 3 log4j files, delete them and add in the updated log4j jar files attached.
- Once done, close Winrar and start up the service again.
, multiple selections available,