This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kohnvize
Level 3
‎Mar 28, 2024 12:00 PM

Upgraded from IA 2023 R1 to R2. Now two log4j jar files are zero size

Immediately after upgrading to R2, all installers have two zero-size jar files. The other 90+ jars we include are fine, but two log4j jars from Apache, log4j-core.jar and log4j-1.2-api.jar are present but a size of 0. I can see them as zero size in the created installer on our IA build box when exploring the installer with 7-zip. The same to jars are the correct size in our resource folder that contains all the jars for IA to build from. This is quite a problem.

0 Kudos
(3) Replies
mike_killoran
Level 4
‎Mar 30, 2024 06:48 PM

I would defer to support, but there was a security issue with log4j.  It was likely removed for that reason.  I'd think if you need to use it, you'll want to provide it yourself and make sure the one you use has the fix.

0 Kudos
kohnvize
Level 3
In response to mike_killoran
‎Apr 02, 2024 08:51 AM

The log4j vulnerability was fixed by Apache in versions prior to the version we are using. The jars are not being removed by IA, they are left in place but corrupted, other copies of the same two jars are left unchanged (functional) in another part of the payload, and IA does not mention anywhere that this action is intentional.

0 Kudos
vjayaraman
Revenera
Revenera
‎Apr 04, 2024 01:54 AM

Are those files from the 'Install speed' folder contained within a JAR?Did the files happen to get duplicated?

0 Kudos