A recent vulnerability is detected in apache log4j jars. To resolve this we need to update the jars in ETL Validator. Please follow the below steps.
1. Navigate to the deployment directory:
(ex: C:\app\Datagaps\DataOpsSuite\DataOpsServer\Server\apache-tomcat\webapps) If you are not using the default tomcat provided with DataOps suite then you need to navigate to the valid tomcat location where you deployed the wars.
2. Download the new jars from the below link or if you have any private repository please download the below jars.
https://s3.amazonaws.com/
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar
log4j-jul-2.17.0.jar
log4j-to-slf4j-2.17.0.jar
3. Navigate to the "CoreServiceRest" library folder.
(ex: C:\app\Datagaps\DataOpsSuite\DataOpsServer\Server\apache-tomcat\webapps\CoreServiceRest\WEB-INF\lib) Remove the below existing old jars.
log4j-api-2.*.0.jar
log4j-core-2.*.0.jar
log4j-jul-2.*.0.jar
log4j-slf4j-impl-2.*.0.jar
And paste new jars that are downloaded from the above link with latest jars (ex: 2.17.0)
4. This process should repeat for all the services which are in webapps folder. Need to remove the existing jars and replace with the below jars in service wars.
DataFlowService :-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar
dataops-dataquality:-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar
log4j-jul-2.17.0.jar
dataops-reporting:-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar
log4j-jul-2.17.0.jar
dataops-scheduler:-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar
dataopssecurity:-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar
dataops-upgrade:-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar
DataPrepRest:-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-slf4j-impl-2.17.0.jar
Piper:-
log4j-api-2.17.0.jar
log4j-core-2.17.0.jar
log4j-to-slf4j-2.17.0.jar
4. Restart the server.