codebeamer Application Lifecycle Management (ALM)

How to replace Log4j jars in docker container

Because of the security vulnerabilities disclosed in Apache Log4j, it is highly recommended to upgrade the Log4j jars used in the dockerized codebeamer.

For more information about the issue, see: Apache Log4j vulnerability and fixes.

Upgrading Log4j jars

  1. Download the following files:
  2. Create a Dockerfile with the following content, in the same folder:
    FROM intland/codebeamer:21.09-SP2
    
    ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
    
    # Update excel jar - Start
    ADD cb-excel-import-integration.jar /home/appuser/codebeamer/msoffice
    # Update excel jar - End
    
    
    # Update log4j2 jars for codebeamer - Start
    RUN rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-1.2-api-*.jar && \
    rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-api-*.jar && \
    rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-core-*.jar && \
    rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-jul-*.jar && \
    rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-*.jar
    
    
    ADD log4j-1.2-api-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib
    ADD log4j-api-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib
    ADD log4j-core-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib
    ADD log4j-jul-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib
    ADD log4j-slf4j-impl-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib
    # Update log4j2 jars for codebeamer - End
    
    
    # Update log4j2 jars for scmloop - Start
    RUN rm /home/appuser/codebeamer/repository/scmloop/log4j-1.2-api-*.jar && \
    rm /home/appuser/codebeamer/repository/scmloop/log4j-api-*.jar && \
    rm /home/appuser/codebeamer/repository/scmloop/log4j-core-*.jar
    
    
    ADD log4j-1.2-api-2.17.1.jar /home/appuser/codebeamer/repository/scmloop
    ADD log4j-api-2.17.1.jar /home/appuser/codebeamer/repository/scmloop
    ADD log4j-core-2.17.1.jar /home/appuser/codebeamer/repository/scmloop
    # Update log4j2 jars for scmloop - End

Build the Docker image

Run the following command from a terminal/command line in the same folder as the Dockerfile:

    docker build . -t codebeamer:21.09-SP2-log4j217
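
The Dockerfile above replaces the jars in two directories only, so it is worth confirming that no older Log4j 2 jar remains anywhere else in the image. The script below is an added example, not part of the vendor's procedure: it scans a directory tree (for instance `/` from a shell inside a container started from the new image) for the jar families the Dockerfile handles and lists any below a minimum version. The script name and function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not vendor code. Usage: sh check_log4j.sh ROOT_DIR 2.17.1
# (check_log4j.sh is a hypothetical name). It matches jar file names only and
# does not look inside nested or shaded archives.

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*} y=${vb%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 1
}

# find_stale_log4j DIR MIN: print "path version" for every Log4j 2 jar under
# DIR older than MIN. A version that cannot be parsed is reported too (fail
# closed). Returns 1 if anything was reported, 0 otherwise.
find_stale_log4j() {
    dir=$1 min=$2 stale=0
    # Same jar families the Dockerfile removes and re-adds.
    list=$(find "$dir" -type f \( -name 'log4j-1.2-api-*.jar' \
        -o -name 'log4j-api-*.jar' -o -name 'log4j-core-*.jar' \
        -o -name 'log4j-jul-*.jar' -o -name 'log4j-slf4j-impl-*.jar' \) | sort)
    while IFS= read -r jar; do
        [ -n "$jar" ] || continue
        # Version = trailing dotted number, e.g. log4j-1.2-api-2.17.1 -> 2.17.1
        ver=$(basename "$jar" .jar | sed -n 's/^log4j-.*-\([0-9][0-9.]*\)$/\1/p')
        if [ -z "$ver" ] || version_lt "$ver" "$min"; then
            echo "$jar ${ver:-unparsed}"
            stale=1
        fi
    done <<EOF
$list
EOF
    return $stale
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    find_stale_log4j "$1" "$2"
fi
```

A non-zero exit status means at least one jar was listed, which makes the script usable as a gate after `docker build`.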