Is the recently identified log4j vulnerability issue present in Helical Insight also?

Hello Helical Team,

I am using Helical Insight enterprise version 4.1 GA. I would like to know whether it suffers from the log4j vulnerability issue. If yes, how to fix it?

Thank You,
Netta.

Hello Netta,

We are using log4j version 1.2.17. This specific version is not susceptible to the security vulnerability which has been recently identified.

You can refer to the blog below: http://slf4j.org/log4shell.html


Meanwhile, we are also working on testing the newer version of log4j with our product and will be updating soon.

Thank You,
Helical Insight.

This patch helps you update log4j 1.x to version 2.16. It can be used on any version up to Helical Insight 4.1 GA.

Please follow the below steps after hi-ee-4.1.1.18708GA-P001.zip (3.4 MB)

  1. Go to the location where you have installed Helical Insight, “…hi\apache-tomcat-9\webapps\hi-ee\WEB-INF\lib”, search for the jars below and delete them.

    log4j-1.2.17
    slf4j-api-1.7.21
    c3p0-0.9.1.1.jar
    quartz-2.2.3.jar

  2. Download this zip and add the following jar files from the patch's WEB-INF\lib to this location: “…\hi\apache-tomcat-9\webapps\hi-ee\WEB-INF\lib”

    c3p0-0.9.5.5.jar
    log4j-api-2.16.0.jar
    log4j-core-2.16.0.jar
    log4j-slf4j-impl-2.16.0.jar
    mchange-commons-java-0.2.20.jar
    quartz-2.3.0.jar
    slf4j-api-1.7.25.jar

  3. Go to the location “…\hi\apache-tomcat-9\webapps\hi-ee\WEB-INF\classes” and paste the file log4j2.properties from the patch into this location. This file is present in the folder “classes” in this patch.
    Edit this file in Notepad++ or another text editor, change the property appender.file.filename to your Helical Insight log location and save it. Generally the Helical Insight log location is something like “…\hi\hi-repository\System\Logs”. Please note that the full path has to be given. For example, in my case I have put

appender.file.filename =C:\Program Files\Helical Insight\hi\hi-repository\System\Logs

Save the file.

  4. Delete the old log4j.properties file from “…hi\apache-tomcat-9\webapps\hi-ee\WEB-INF\classes”
    (only for versions of Helical Insight above 2.x)

  5. Replace the “com” folder from classes in the patch to
    …\hi\apache-tomcat-9\webapps\hi-ee\WEB-INF\classes

  6. Once the changes are done, restart the server.
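
A read-only check for the steps above, added here as an example and not part of the vendor's patch: it reports old jars that were left behind, patched jars that are missing, and a log4j2.properties whose appender.file.filename is unset or not a full path. The function names and the WEB-INF path argument are assumptions; the jar names are the ones listed in the post.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath

# Jar names from steps 1 and 2 of the post, compared without the .jar suffix.
REMOVED = {"log4j-1.2.17", "slf4j-api-1.7.21", "c3p0-0.9.1.1", "quartz-2.2.3"}
ADDED = {"c3p0-0.9.5.5", "log4j-api-2.16.0", "log4j-core-2.16.0",
         "log4j-slf4j-impl-2.16.0", "mchange-commons-java-0.2.20",
         "quartz-2.3.0", "slf4j-api-1.7.25"}


def is_full_path(value):
    """True for an absolute Windows (C:\\...) or POSIX (/...) path."""
    return (PureWindowsPath(value).is_absolute()
            or PurePosixPath(value).is_absolute())


def audit_patch(web_inf):
    """Return findings for a WEB-INF directory; an empty list means none."""
    web_inf = Path(web_inf)
    findings = []
    present = {p.stem for p in (web_inf / "lib").glob("*.jar")}
    for name in sorted(REMOVED & present):
        findings.append(f"old jar still present: {name}.jar")
    for name in sorted(ADDED - present):
        findings.append(f"patched jar missing: {name}.jar")
    # Any other log4j 1.x jar left in lib stays on the webapp classpath.
    for name in sorted(present - REMOVED):
        if name.startswith("log4j-1."):
            findings.append(f"unexpected log4j 1.x jar: {name}.jar")
    classes = web_inf / "classes"
    # The post scopes this deletion to Helical Insight versions above 2.x.
    if (classes / "log4j.properties").exists():
        findings.append("old log4j.properties still in classes")
    props = classes / "log4j2.properties"
    if not props.exists():
        findings.append("log4j2.properties missing from classes")
        return findings
    value = ""
    for line in props.read_text(encoding="utf-8").splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip() == "appender.file.filename":
            value = val.strip()
    if not value:
        findings.append("appender.file.filename is not set")
    elif not is_full_path(value):
        findings.append(f"appender.file.filename is not a full path: {value}")
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_patch(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it with the path to the hi-ee WEB-INF directory as the only argument, before restarting the server.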