A recent vulnerability is detected in apache log4j jars. To resolve this we need to update the jars in ETL Validator. Please follow the below steps.

1. Navigate to the deployment directory:
    (ex: C:\app\Datagaps\DataOpsSuite\DataOpsServer\Server\apache-tomcat\webapps) If you are not using the default tomcat provided with DataOps suite then you need to navigate to the valid tomcat location where you deployed the wars.

2. Download the new jars from the below link or if you have any private repository please download the below jars.
https://s3.amazonaws.com/DatagapsSingapore/log4j-jars.zip
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar

log4j-jul-2.17.0.jar

log4j-to-slf4j-2.17.0.jar

3. Navigate to the "CoreServiceRest" library folder.
   (ex: C:\app\Datagaps\DataOpsSuite\DataOpsServer\Server\apache-tomcat\webapps\CoreServiceRest\WEB-INF\lib) Remove the below existing old jars
log4j-api-2.*.0.jar 
log4j-core-2.*.0.jar

log4j-jul-2.*.0.jar
log4j-slf4j-impl-2.*.0.jar

And paste new jars that are downloaded from the above link with latest jars (ex: 2.17.0)


4. This process should repeat for all the services which are in webapps folder. Need to remove the existing jars and replace with the below jars in service wars.


DataFlowService :- 

log4j-api-2.17.0.jar 
log4j-core-2.17.0.jar

log4j-to-slf4j-2.17.0.jar

dataops-dataquality:-

log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar

log4j-jul-2.17.0.jar

dataops-reporting:-

log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar

log4j-jul-2.17.0.jar

dataops-scheduler:-

log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar

dataopssecurity:- 

log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar

dataops-upgrade:-

log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar

DataPrepRest:-

log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar

Piper:-

log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar


4. Restart the server.