Log4j Defect - It's Patched!
I wrote an article back in January (Log4j MID Server Fix Script) regarding the Log4j defect on MID servers, where they had a vulnerable version of the Log4j jar files on them. Great news - the issue has now been patched for good!
As of Rome Patch 7 and San Diego Patch 1, MID servers are now packaged with Log4j version 2.17.1, which is the currently safe version of the library.
All you need to do is make sure to upgrade your instance version to one of those patches or higher, and then also upgrade your MID server (typically happens automatically), and then you’re set.
I haven’t seen much official information posted that it was fixed, but will be sure to update the article if I find reference to an official announcement.
I also wanted to include as a bonus some instructions on how to verify the version of jar files on your MID server!
Log into the MID server
Open a CMD terminal as an administrator
Type in the following commands:
> D:
> cd D:\MIDServer\agent\jre\bin\
> jar xf D:\MIDServer\agent\lib\log4j-core.jar
Navigate to the D:\MIDServer\agent\jre\bin\META-INF\MANIFEST.MF file
Open with a text editor, and verify the version number (ex: in the case of Log4j we want 2.17.1)
Note: After completing the instructions you can delete the META-INF folder that is created.
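The same check can be scripted so that nothing is extracted to disk. The PowerShell below is an added example, not part of the original article or of ServiceNow's tooling. It assumes the jar path used in the steps above and assumes the version is recorded in the manifest's Implementation-Version (or Bundle-Version) attribute.

```powershell
# Added example (not from the original article): read the Log4j version
# straight from the jar's manifest, without extracting anything to disk.
param(
    # Assumption: same jar path as in the steps above; change it for your install.
    [string]$JarPath = 'D:\MIDServer\agent\lib\log4j-core.jar',
    # Fixed version named in the article.
    [version]$Minimum = '2.17.1'
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-JarMainAttributes {
    param([Parameter(Mandatory)][string]$Path)

    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        $entry = $zip.GetEntry('META-INF/MANIFEST.MF')
        if ($null -eq $entry) { throw "No META-INF/MANIFEST.MF in $Path" }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
    }
    finally { $zip.Dispose() }

    # Long manifest values wrap onto the next line with one leading space.
    $text = $text -replace '\r?\n ', ''
    $attrs = @{}
    foreach ($line in ($text -split '\r?\n')) {
        if ($line -eq '') { break }   # a blank line ends the main section
        if ($line -match '^([^:]+): ?(.*)$') { $attrs[$Matches[1]] = $Matches[2] }
    }
    return $attrs
}

$attrs = Get-JarMainAttributes -Path $JarPath
# Assumption: the version is in Implementation-Version, else Bundle-Version.
$raw = $attrs['Implementation-Version']
if (-not $raw) { $raw = $attrs['Bundle-Version'] }
if (-not ($raw -match '^\d+(\.\d+){1,3}')) { throw "No usable version in manifest of $JarPath" }

$found = [version]$Matches[0]
if ($found -ge $Minimum) {
    Write-Output "OK: $JarPath is Log4j $raw (>= $Minimum)"
} else {
    Write-Output "OUTDATED: $JarPath is Log4j $raw (< $Minimum)"
    exit 1
}
```

The script exits with code 1 when the jar is older than 2.17.1, so it can be run from a scheduled task or a remote session across several MID servers.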