Welcome to the new Parasoft forums! We hope you will enjoy the site and try out some of the new features, like sharing an idea you may have for one of our products or following a category.

[Updated] Regarding log4j CVE-2021-44228 with DTP and Standalone License Server

sang_parasoft
sang_parasoft Posts: 24 admin
edited December 2021 in DTP

NIST recently released several Apache's log4j Zero-Day vulnerability cases, a very popular Java library to log messages in Java Applications.

DTP and Standalone License Server versions impacted:

  • 2021.1
  • 2021.2

Any older releases include log4j 1.x which are **not **impacted by this vulnerability.

Updated Release for DTP and Standalone License Server

Updated DTP and Standalone License Server are now
(as of December 20, 2021) available on the Customer Portal Download page. Both include log4j 2.16.0 to address CVE-2021-44228.

  • 2021.1.2
  • 2021.2.3

Workaround Solution for DTP and Standalone License Server

DTP 2021.2, 2021.1 - Windows

  1. Edit <DTP_INSTALL_DIR>\bin\variables text file
  2. Add the following parameter -Dlog4j2.formatMsgNoLookups=true to both lines:
DTP_JAVA_OPTS=-Xms1024m -Xmx4096m -XX:+HeapDumpOnOutOfMemoryError -Dlog4j2.formatMsgNoLookups=true -Djava.util.Arrays.useLegacyMergeSort=true -Dscontrol.ext.dir="!DTP_HOME!\plugins\scontrol" -DuseExternalLock=false -Dsun.jnu.encoding=UTF-8 -Dfile.encoding=UTF-8 

DC_JAVA_OPTS=-Xms1024m -Xmx4096m -XX:+HeapDumpOnOutOfMemoryError -Dlog4j2.formatMsgNoLookups=true  -Djava.util.Arrays.useLegacyMergeSort=true -Dsun.jnu.encoding=UTF-8 -Dfile.encoding=UTF-8 -DuseExternalLock=false -Dcom.parasoft.sdm.dc.build.details.to.keep=2
  1. Restart DTP server and Data Collector services

DTP 2021.2, 2021.1 - Linux

  1. Edit <DTP_INSTALL_DIR>/bin/variables text file
  2. Add the following parameter -Dlog4j2.formatMsgNoLookups=true to the line:
ENCODING_VARS=" -Dlog4j2.formatMsgNoLookups=true -Dsun.jnu.encoding=UTF-8 -Dfile.encoding=UTF-8 "

  1. Restart DTP server and Data Collector services

Standalone License Server- Windows

  1. Edit <LS_INSTALL_DIR>\app\setVars.bat text file
  2. Add the following parameter -Dlog4j2.formatMsgNoLookups=true to the line below
set JAVA_OPTS=-Dsun.jnu.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true -Dfile.encoding=UTF-8 -Ddtp.datadir="%LSS_DATADIR%"
  1. Restart License Server

Standalone License Server- Linux

  1. Edit <LS_INSTALL_DIR>/app/setVars.sh text file
  2. Add the following parameter -Dlog4j2.formatMsgNoLookups=true to the line below
export JAVA_OPTS="-Dsun.jnu.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true -Dfile.encoding=UTF-8 -Ddtp.datadir=\"$LSS_DATADIR\""
  1. Restart License Server