No, we are not deploying as war file. And the application /lib currently having followed log4j files.
-rw-r-----. 1 fruser fruser 16431 Aug 25 2022 jcl-over-slf4j-1.7.21.jar -rw-r-----. 1 fruser fruser 4597 Aug 25 2022 jul-to-slf4j-1.7.21.jar -rw-r-----. 1 fruser fruser 41071 Aug 25 2022 slf4j-api-1.7.21.jar -rw-r-----. 1 fruser fruser 16831 Aug 25 2022 i18n-slf4j-1.4.4.jar -rwxr-xr-x. 1 fruser fruser 301872 Mar 2 17:28 log4j-api-2.17.1.jar -rwxr-xr-x. 1 fruser fruser 1790452 Mar 2 17:28 log4j-core-2.17.1.jar Regards, Guru. -----Original Message----- From: Christian Grobmeier <[email protected]> Sent: Friday, April 21, 2023 4:55 PM To: Gurumoorthi Vijayalingam <[email protected]>; [email protected] Subject: Re: [External] Re: Log4j Issue CAUTION: This message was sent from outside of the company. Please do not click links or open attachments unless you recognize the source of this email and know the content is safe. Are you deploying your application as a war file? If so, can you unzip that war file and search for log4j there? -- The Apache Software Foundation V.P., Data Privacy On Fri, Apr 21, 2023, at 13:21, Gurumoorthi Vijayalingam wrote: > No, am not able to find log4j version in tomcat lib folder. The > problem occurred when we upgraded the jar files from 2.2 t o2.17 > > > Regards, > Guru. > > -----Original Message----- > From: Christian Grobmeier <[email protected]> > Sent: Friday, April 21, 2023 4:36 PM > To: Gurumoorthi Vijayalingam <[email protected]>; > [email protected] > Subject: Re: [External] Re: Log4j Issue > > CAUTION: This message was sent from outside of the company. Please do > not click links or open attachments unless you recognize the source of > this email and know the content is safe. > > > Hello Gurumoorthi, > > please subscribe to [email protected] by sending an empty message > to [email protected]. > It is hard for our message moderators to manually moderate your > messages through. > > You need to find the log4j version of Tomcat. Please search for this. > it could be in the lib folder of Tomcat. > > You can also search the whole installation of Tomcat for "log4j" or > "log4j-core-2.2.jar", then you should find it. > > Kind regards, > Christian > > > -- > The Apache Software Foundation > V.P., Data Privacy > > On Fri, Apr 21, 2023, at 12:51, Gurumoorthi Vijayalingam wrote: >> Any help on this request ? we stuck. >> >> -----Original Message----- >> From: Gurumoorthi Vijayalingam >> Sent: Thursday, April 13, 2023 7:36 AM >> To: Christian Grobmeier <[email protected]>; >> [email protected] >> Subject: RE: [External] Re: Log4j Issue >> >> Hi Team, >> >> We tried the steps as Christian mentioned in below email, but still >> getting same error. Please help us to fix this issue >> >> Thanks, >> Guru. >> >> -----Original Message----- >> From: Christian Grobmeier <[email protected]> >> Sent: Tuesday, March 21, 2023 2:17 AM >> To: Gurumoorthi Vijayalingam <[email protected]>; >> [email protected] >> Cc: Paolo Gil Ostrea <[email protected]>; Roark Hamilton >> <[email protected]>; Bhavana Pujari <[email protected]>; >> Sireesha Kutala <[email protected]> >> Subject: Re: [External] Re: Log4j Issue >> >> CAUTION: This message was sent from outside of the company. Please do >> not click links or open attachments unless you recognize the source >> of this email and know the content is safe. >> >> >> Hello Gurumoorthi, >> >> Piotr already responded to your email: >> >>> MapLookup#newMap changed from private (as in 2.2) to package (as in >>> 2.17.1) in the course of history. Your Tomcat is picking up the >>> private one, which means that log4j-core-2.2.jar is still on the >>> classpath. >>> Double check that the old Log4j2 version are no longer there and >>> restart Tomcat to be sure. >>> >>> Piotr >> >> If this information does not help you, respond to >> [email protected] as Dominik told you. >> >> Kind regards, >> Christian >> >> >> -- >> The Apache Software Foundation >> V.P., Data Privacy >> >> On Mon, Mar 20, 2023, at 17:27, Gurumoorthi Vijayalingam wrote: >>> Hi Team, >>> >>> Can you please help us to fix this issue. >>> >>> Regards, >>> Guru. >>> >>> From: Dominik Psenner <[email protected]> >>> Sent: 04 March 2023 02:16 >>> To: [email protected] >>> Cc: Paolo Gil Ostrea <[email protected]>; Roark Hamilton >>> <[email protected]>; Gurumoorthi Vijayalingam >>> <[email protected]> >>> Subject: [External] Re: Log4j Issue >>> >>> CAUTION: This message was sent from outside of the company. Please >>> do not click links or open attachments unless you recognize the >>> source of this email and know the content is safe. >>> >>> Hi >>> >>> I'm CCing the original author of the message. Please read below. >>> Further please consider posting to the proper mailing list. The >>> request is not about a security issue and probably should have been >>> posted to [email protected]<mailto:[email protected]> >>> after subscribing to that mailing list. >>> >>> Warm regards >>> Dominik >>> -- >>> Sent from my phone. Typos are a kind gift to anyone who happens to find >>> them. >>> >>> On Fri, Mar 3, 2023, 21:17 Piotr P. Karwasz >>> <[email protected]<mailto:[email protected]>> wrote: >>> Gurumoorthi, >>> >>> On Fri, 3 Mar 2023 at 19:04, Gurumoorthi Vijayalingam >>> <[email protected]<mailto:[email protected]>> wrote: >>>> Just attached the error message and log4j configuration for your reference. >>> >>> MapLookup#newMap changed from private (as in 2.2) to package (as in >>> 2.17.1) in the course of history. Your Tomcat is picking up the >>> private one, which means that log4j-core-2.2.jar is still on the >>> classpath. >>> Double check that the old Log4j2 version are no longer there and >>> restart Tomcat to be sure. >>> >>> Piotr
