Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik and ServiceNow Partner to Bring Trusted Enterprise Context into AI-Powered Workflows. Learn More!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
YC123
Contributor II
Contributor II
‎2025-12-14 07:59 PM

Seek help - issue of plugin: Apache Log4j

Hi all,

I am using Qlik Replicate.  When the server is scanned by security tool, the following error is shown.

Plugin: Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE

Plugin: Apache Log4j 2.x < 2.17.0 DoS

I checked that Apache is not installed in this server.  Hence, would like to know if Qlik Replicate is using this plugin?  If yes, how can we fix this issue?

Thank you.

Regards,

Labels (1)
Labels
338 Views
1 Solution

Accepted Solutions
john_wang
Support
Support
‎2025-12-14 08:25 PM

Hello @YC123 ,

Thanks for your post!

Yes, Qlik Replicate does include Apache Log4j components. However, the related vulnerabilities have already been addressed through fixes provided by both Apache and Qlik. You can find the official details here:

Qlik’s Response to Apache Log4j Vulnerabilities

I’m not sure which Replicate version you’re currently running, I'd like suggest you to upgrade Qlik Replicate to get the fixes. If you still prefer to manually upgrade the Log4j components, please refer to my article below for guidance:

Updating Log4j to 2.17.1 for Qlik Replicate and Qlik Enterprise Manager

Hope this helps.

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!

View solution in original post

331 Views
3 Replies
john_wang
Support
Support
‎2025-12-14 08:25 PM

Hello @YC123 ,

Thanks for your post!

Yes, Qlik Replicate does include Apache Log4j components. However, the related vulnerabilities have already been addressed through fixes provided by both Apache and Qlik. You can find the official details here:

Qlik’s Response to Apache Log4j Vulnerabilities

I’m not sure which Replicate version you’re currently running, I'd like suggest you to upgrade Qlik Replicate to get the fixes. If you still prefer to manually upgrade the Log4j components, please refer to my article below for guidance:

Updating Log4j to 2.17.1 for Qlik Replicate and Qlik Enterprise Manager

Hope this helps.

John.

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!
332 Views
YC123
Contributor II
Contributor II
‎2025-12-14 11:41 PM
Author

In response to john_wang

Thank you, John

298 Views
john_wang
Support
Support
‎2025-12-14 11:55 PM

Thanks for your support! @YC123 

Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!
296 Views
0 Likes