Zero day Vulnerability discovered for Apache Log4j
Zero day Vulnerability discovered for Apache Log4j
Dear Sir/Madam,
Currently we are using “Attunity Replicate (64-bit) 6.2.0.271” which is lower than affected versions you have stated. Does it mean our versions is not affected by this vulnerability? as we unable to find log4j in Attunity Replica.
Can we proceed to mitigate the steps indicated in the below link? However, we do not have "endpoint_srv" folder/directory.
Mitigation - Endpoint Server - Windows 1. Edit the file <installation-root>\Replicate\endpoint_srv\bin\rependctl.bat (<installation-root> typically refers to C:\Program Files\Attunity)
2. Add the string ‐Dlog4j2.formatMsgNoLookups=true in the highlighted location shown below (last line of script):
3. Save the file and restart the Replicate Windows service with the command:
Other details are: It's on Windows Intranet On-Premises
Could you please advise how do we mitigate the log4j vulnerability issue? Appreciate your urgent response for this. Thank you Jyothi
You are right. Replicate 6.2 does not introduce the endpoint server yet. However the old Replicate versions include 5.5/6.2/6.4/6.5 are out of support. The minimize support version is April 2020 (formerly version number 6.6). see Qlik Replicate Product Lifecycle .
If you are running 6.2 still Please plan to upgrade to supported versions asap.
BTW, before the upgrade please take care if the source/target database versions (include the server version, and corresponding client driver version) are supported, and also verify if the Replicate OS version is supported as well in Support Matrix . Please Check the Release Notes of each major version for the detailed upgrade instructions.
Hope this helps.
Regards,
John.
Help users find answers! Do not forget to mark a solution that worked for you! If already marked, give it a thumbs up!
