Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PerJansdal
Contributor II
Contributor II
‎2021-12-20 01:13 AM

Log4j

Hello

I have added ‐Dlog4j2.formatMsgNoLookups=true to REPENDCTL.BAT on all my QLIK Replicate Servers without problems.

But our security department send me this

Opgrade to Log4j 2.15 is not enough.

The published vulnerrability is CVE-2021-4101 and 45046

Please check 

Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046) | Lun...

 Regards 

Per Jansdal

Semler IT

Denmark

860 Views
0 Likes
1 Solution

Accepted Solutions
Heinvandenheuvel
Specialist II
Specialist II
‎2021-12-20 11:32 AM

The LOG4J module comes into play with the Replicate Endpoint Service only (today).

Best I know this Service is only required when using MongoDB, Salesforce or SAP  (and NULL?) endpoints (today).

If you do not need those endpoints then you might consider restarting the Attunity Replicate service after completely disabling  that service by making sure that the file replicate\bin\repctl.cfg has a line with < "disable_endpoint_server":true,   >

hth,

Hein.

View solution in original post

763 Views
4 Replies
Maria_Halley
Support
Support
‎2021-12-20 04:08 AM

@PerJansdal

 

I will move this to the Qlik Replicate board, so it reaches the right audience

814 Views
0 Likes
PerJansdal
Contributor II
Contributor II
‎2021-12-20 04:10 AM
Author

In response to Maria_Halley

Thank You very much

802 Views
0 Likes
Heinvandenheuvel
Specialist II
Specialist II
‎2021-12-20 11:32 AM

The LOG4J module comes into play with the Replicate Endpoint Service only (today).

Best I know this Service is only required when using MongoDB, Salesforce or SAP  (and NULL?) endpoints (today).

If you do not need those endpoints then you might consider restarting the Attunity Replicate service after completely disabling  that service by making sure that the file replicate\bin\repctl.cfg has a line with < "disable_endpoint_server":true,   >

hth,

Hein.

764 Views
PerJansdal
Contributor II
Contributor II
‎2021-12-21 01:02 AM
Author

In response to Heinvandenheuvel

After adding disable_endpoint_server":true to the repctl.cfg file I did restart the Attunity Replicate servive

 

Regards Per Jansdal

730 Views
0 Likes