Hello Guys, can someone help me with b
this, how can I check log4j version on my windows Vcenter? I checked from control panel and found VMware-Apache-Tomcat version 6.5.0.63800 .
Is this version 6.5.0.63800 and log4j version between 2.0 and 2.14.1 are same?
Regards
Aaref Sayyad
same question
I have the same question but how can I check the version of log4j from the linux-based vcenter virtual appliance?
According to Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway (87081...
You can verify the work around worked so I assume the same negative results will show you have the effected version.
Once all sections are complete, use the following steps to confirm if they were implemented successfully.
cd /usr/lib/vmware-updatemgr/bin/jetty/
java -jar start.jar --list-config
System Properties:
------------------
log4j2.formatMsgNoLookups = true (/usr/lib/vmware-updatemgr/bin/jetty/start.ini)
3. Verify the Analytics Service changes:
Does anyone know how to find the log4j version of a vCenter appliance? Is there any simple command that I can run and find the version? I was searching this online and it seems no has answered!
Expectation is after running a command we would be able to see something like 2.16 or 2.17 etc.
Please help if you know it.
What wrong with https://kb.vmware.com/s/article/87081?lang=en_US ?. Script comes with a dry run mode.
Regards,
Joerg
log4j is not a installable package, it is a java file bundled with other installed packages. Meaning every installed package with log4j could theoretically have a different version. As you see in that output, there are at least 3 different versions there .
So just follow the KB to get the workaorund-https://kb.vmware.com/s/article/87081 ..Actual patch for vCSA will come in a future release.
Follow https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Thank you Ajay, this works for me.