How to upgrade Log4j2.x library shipped with TIBCO BusinessEvents Enterprise Edition 6.2.1
book
Article ID: KB0072596
calendar_today
Updated On:
Products
Versions
TIBCO BusinessEvents Enterprise Edition
6.2.1
Description
There were couple of TIBCO BE releases to address Apache Log4J vulnerability (CVE-2021-44228). The BE 6.2.1 was our first release to address the Apache Log4J vulnerability (CVE-2021-44228) and this came with Apache Log4j library version 2.17.0 which was the latest available library at the time of the release. Our next 6.x release was BE 6.1.2 and Log4j library was upgraded to the latest available 2.17.1.
This article provides steps to update the Log4j library that comes with BE 6.2.1 to Log4j 2.17.1.
Issue/Introduction
How to upgrade Log4j2.x library shipped with TIBCO BusinessEvents Enterprise Edition 6.2.1
Environment
All Supported Platforms
TIBCO BusinessEvents 6.2.1
Resolution
To upgrade the Log4j library that comes with BE 6.2.1 to 2.17.1 please follow steps below:
- Please follow link below to download the Log4j 2.17.1 jar file from Apache downloads section and replace the existing Log4j2.17.0 jar under BE_HOME/lib/ext/tpcl/apache with Log4j 2.17.1 jar.