I'm trying to update log4j vulnerability for DP10.70 I need to undeploy/deploy a new dp-gui.war file


SO I need to run DP10.70 to maintain backups of some older systems. I'm running Linux CM/IS  and the GUI on a windows machine.  It's my windows installation I'm having an issue with.

My organization requires that all versions of log4j be updated to the latest.   

I've replaced the entries on DataProtector\OminiBack\bin\telemetry   So I updated log4j-core-2.11.2 to log4j-2.17.2.jar 

that was no problem.  

But when the AppServer is running I find log4j-1.2.16.jar under the tmp\AppServer\vfs\ folders.

I know that this Jar file is bundled into DP-GUI.war

I can extract the war and replace the log4j-1.2.16.jar with the latest (reload4j-  My issue is now I need to undeploy / deploy this updated dp-gui.war file only I can't seem to figure the command.

So I fixed my linux install using the jboss-cli.sh -c --command="undeploy/deploy" --force /omni/bin/components/dp-gui.war"  (in case you are wondering this did indeed replace my old dp-gui.war file and when I run DP the AppServer/vfs now contains my new log4j jar file. And it works.

I can't seem to figure out what command will work to do this on windows though.  

I know its jboss-cli.bat  but so far i've not been able to connect and update this file.

I have a ticket with Microfocus but so far they have not been able to help and since I think in their opinion this file doesn't need to be updated to be compliant....however our security folks say otherwise.


Top Replies