Customers who would like to manually update individual components such as TNT4J-Streams, Apache Kafka, ActiveMQ, or who would like to update the Log4j version may follow the steps below.
- Stop all the services by using the command
- Update your current TNT4J-Streams version.
- Update the Kafka component.
- Update ActiveMQ
- Update the Log4j version.
- After the above steps have been completed, restart all the services to apply the changes.
Note: Customer deployed versions do not fall under the meshIQ support policy but we will make best effort to assist with issues that arise.
Update the Log4j version
As we announced in December of 2021, your usage of meshIQ products is not impacted by the Log4j V2 security vulnerability identified as CVE-2021-44228. We do not log information in the way that would be required to leverage the vulnerability. See meshIQ response to Log4j vulnerabilities to read our announcement pertaining to this vulnerability.
However, customers may wish to manually update the Log4j version. To do so, follow the instructions below.
- Stop web, CEP, and Domain servers, then stop Solr by using the command
- Replace the jar files with the latest Log4j core version in the following locations:
- Also, you can replace the
commons-text-xxx.jarfile in the following location:
- Restart the Domain, CEP, and web servers, and Solr.