TPS-5058 (cumulative patch) - 7.3

Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Talend Identity and Access Management
Last publication date

TPS-5058 (cumulative patch)

Info Value
Patch Name Patch_20211216_TPS-5058_v1
Release Date 2021-12-16
Target Verson 20211216_1-V7.3.1
Product affected LogServer


This patch is cumulative. It includes all previous generally available patches for Talend LogServer 7.3.1.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-5058: [7.3.1] Patch log4j CVE in LogServer


Consider the following requirements for your system:

  • Talend LogServer 7.3.1 must be installed.


  1. Stop LogServer
  2. Create a backup directory
    $ mkdir -p <backup_dir>
  3. Copy original elasticsearch-* and logstash-* folders to the backup directory
    $ cp -a <TALEND>/logserv/elasticsearch-* <backup_dir>
    $ cp -a <TALEND>/logserv/logstash-* <backup_dir>
  4. Remove vulnerable dependencies
    $ rm -rf <TALEND>/logserv/elasticsearch-*/lib/log4j*.jar
    $ rm -rf <TALEND>/logserv/logstash-*/logstash-core/lib/jars/log4j*.jar
  5. Uzip the patch file in the root of LogServer
    $ cd <TALEND>/logserv
    $ unzip
    Note: if asked to override files please select yes/all
  6. Start LogServer


  1. Stop LogServer
  2. Remove patched directories and files
    $ rm -rf <TALEND>/logserv/elasticsearch-*/lib
    $ rm -rf <TALEND>/logserv/logstash-*/logstash-core/lib/jars
  3. Copy saved folders from the backup directory
    $ cp -rf <backup_dir>/elasticsearch-*/lib <TALEND>/logserv/elasticsearch-*/lib
    $ cp -rf <backup_dir>/logserv/logstash-*/logstash-core/lib/jars <TALEND>/logserv/logstash-*/logstash-core/lib/jars
  4. Start LogServer

Affected files for this patch

The following files are installed by this patch: - log4j-api.jar - log4j-core.jar - log4j-slf4j-impl.jar