How to upgrade Log4j2.x library shipped with TIBCO BusinessEvents Enterprise Edition 6.2.1

How to upgrade Log4j2.x library shipped with TIBCO BusinessEvents Enterprise Edition 6.2.1

book

Article ID: KB0072596

calendar_today

Updated On:

Products Versions
TIBCO BusinessEvents Enterprise Edition 6.2.1

Description

There were couple of TIBCO BE releases to address Apache Log4J vulnerability (CVE-2021-44228). The BE 6.2.1 was our first release to address the Apache Log4J vulnerability (CVE-2021-44228) 
and this came with Apache Log4j library version 2.17.0 which was the latest available library at the time of the release. Our next 6.x release was BE 6.1.2 and Log4j library was upgraded to the latest available 2.17.1.

This article provides steps to update the Log4j library that comes with BE 6.2.1 to Log4j 2.17.1.

 

Issue/Introduction

How to upgrade Log4j2.x library shipped with TIBCO BusinessEvents Enterprise Edition 6.2.1

Environment

All Supported Platforms TIBCO BusinessEvents 6.2.1

Resolution

To upgrade the Log4j library that comes with BE 6.2.1 to 2.17.1 please follow steps below:

- Please follow link below to download the Log4j 2.17.1 jar file from Apache downloads section and replace the existing Log4j2.17.0 jar under BE_HOME/lib/ext/tpcl/apache with Log4j 2.17.1 jar.

https://logging.apache.org/log4j/2.x/download.html

- You can also get the Log4j 2.17.1 jar from BE 6.1.2 installation and copy that into BE 6.2.1 BE_HOME/lib/ext/tpcl/apache folder.