TPS-5345 (cumulative patch) - 7.3

Version
7.3
Language
English
Product
Talend Data Fabric
Module
Talend Activity Monitoring Console

TPS-5345 (cumulative patch)

Info Value
Patch Name Patch_20220909_TPS-5345_v1-7.3.1
Release Date 2022-09-09
Target Version 20200219_1130-V7.3.1
Product affected Talend Activity Monitoring Console Web application

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend AMC Web application 7.3.1.

To download this patch, liaise with your Support contact at Talend.

Note:

The original AMC Web application 7.3.1 contains the log4j-core jar WEB-INF\plugins\org.talend.libraries.apache_7.3.1.20190704_1045\lib\log4j-core-2.12.1.jar. This jar is impacted by the Log4j2 vulnerabilities CVE-2021-44228 and CVE-2021-45046. This jar is not used and can be removed.

The current patch simply removes this jar from the AMC Web application.

You can do either of the following:

  • Delete the log4j-core jar even if the AMC Web application is running.

  • Re-install the AMC Web application from the patch, which does not contain this jar any longer.

Fixed issues

This patch is cumulative and contains the following fixes:

  • TPS-5345 [7.3.1] AMC page unable to load all projects
  • TPS-5174 [7.3.1] Replace log4j1.x by reload4j to remove CVE
  • TPS-5073 [7.3.1] Remove log4j2 from AMC
  • TPS-4836 [7.3.1] AMC main chart can't display when using Redhat

Installation

Refer to the official installation documentation.