TPS-5174 (cumulative patch)
|Product affected||Talend Activity Monitoring Console Web application|
This patch is cumulative. It includes all previous generally available patches for Talend AMC Web application 7.3.1.
To download this patch, liaise with your Support contact at Talend.
The original AMC Web application 7.3.1 contains the log4j-core jar WEB-INF\plugins\org.talend.libraries.apache_220.127.116.1190704_1045\lib\log4j-core-2.12.1.jar. This jar is impacted by the Log4j2 vulnerabilities CVE-2021-44228 and CVE-2021-45046. This jar is not used and can be removed.
The current patch simply removes this jar from the AMC Web application.
You can do either of the following:
Delete the log4j-core jar even if the AMC Web application is running.
Re-install the AMC Web application from the patch, which does not contain this jar any longer.
This patch is cumulative and contains the following fixes:
- TPS-5174 [7.3.1] Replace log4j1.x by reload4j to remove CVE
- TPS-5073 [7.3.1] Remove log4j2 from AMC
- TPS-4836 [7.3.1] AMC main chart can't display when using Redhat
Refer to the official installation documentation.