https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873066#M1433 <P>Hello</P> <P>I have added&nbsp;‐Dlog4j2.formatMsgNoLookups=true to REPENDCTL.BAT on all my QLIK Replicate Servers without problems.</P> <P>But our security department send me this</P> <P>Opgrade to Log4j 2.15 is not enough.</P> <P>The published vulnerrability is CVE-2021-4101 and 45046</P> <P>Please check&nbsp;</P> <P><A href="https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/" target="_blank" rel="noopener">Log4Shell Update: Severity Upgraded 3.7 -&gt; 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec</A></P> <P>&nbsp;Regards&nbsp;</P> <P>Per Jansdal</P> <P>Semler IT</P> <P>Denmark</P> Mon, 20 Dec 2021 06:13:56 GMT PerJansdal 2021-12-20T06:13:56Z https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873066#M1433 <P>Hello</P> <P>I have added&nbsp;‐Dlog4j2.formatMsgNoLookups=true to REPENDCTL.BAT on all my QLIK Replicate Servers without problems.</P> <P>But our security department send me this</P> <P>Opgrade to Log4j 2.15 is not enough.</P> <P>The published vulnerrability is CVE-2021-4101 and 45046</P> <P>Please check&nbsp;</P> <P><A href="https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/" target="_blank" rel="noopener">Log4Shell Update: Severity Upgraded 3.7 -&gt; 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec</A></P> <P>&nbsp;Regards&nbsp;</P> <P>Per Jansdal</P> <P>Semler IT</P> <P>Denmark</P> Mon, 20 Dec 2021 06:13:56 GMT https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873066#M1433 PerJansdal 2021-12-20T06:13:56Z https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873186#M1434 <P><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/159810">@PerJansdal</a></P><P>&nbsp;</P><P>I will move this to the Qlik Replicate board, so it reaches the right audience</P> Mon, 20 Dec 2021 09:08:20 GMT https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873186#M1434 Maria_Halley 2021-12-20T09:08:20Z https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873190#M1436 <P>Thank You very much</P> Mon, 20 Dec 2021 09:10:59 GMT https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873190#M1436 PerJansdal 2021-12-20T09:10:59Z https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873393#M1438 <P>The LOG4J module comes into play with the Replicate Endpoint Service only (today).</P> <P>Best I know this Service is only required when using <STRONG><SPAN>MongoDB, Salesforce or SAP&nbsp; (and NULL?)&nbsp;</SPAN></STRONG>endpoints (today).</P> <P>If you do not need those endpoints then you might consider restarting the Attunity Replicate service after completely disabling&nbsp; that service by making sure that the file replicate\bin\repctl.cfg has a line with &lt;<SPAN>&nbsp;</SPAN><STRONG><SPAN>"disable_endpoint_server":true,&nbsp; </SPAN></STRONG>&nbsp;&gt;</P> <P>hth,</P> <P>Hein.</P> Mon, 20 Dec 2021 16:32:03 GMT https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873393#M1438 Heinvandenheuvel 2021-12-20T16:32:03Z https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873599#M1442 <P>After adding&nbsp;<STRONG><SPAN>disable_endpoint_server":true&nbsp;</SPAN></STRONG><SPAN>to the repctl.cfg file I did restart the Attunity Replicate servive</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards Per Jansdal</SPAN></P> Tue, 21 Dec 2021 06:02:41 GMT https://community.qlik.com/t5/Qlik-Replicate/Log4j/m-p/1873599#M1442 PerJansdal 2021-12-21T06:02:41Z