log4shell Archives - Holodeck B2B

Patching the Log4J vulnerability

By | News | No Comments

Holodeck B2B uses Apache Log4J for logging, which means gateways are potentially vulnerable to the Log4Shell exploit.

Please patch your Holodeck B2B gateway following the steps below to update Log4J as soon as possible. You can also upgrade your gateway to version 5.3.1.

Installing this Log4J update will require stopping and restarting your gateway. Please read through all steps of the process beforehand.

1. Download the most recent Log4J 2 release from the official project website: https://logging.apache.org/log4j/2.x/download.html and extract it
2. Go to the lib directory of the Holodeck B2B installation.
3. In the lib directory, locate all files where the name starts with ‘log4j-*’ and find the file with the same name in the downloaded archive. The downloaded archive will contain more files than needed. You only need the files with the same names as those that are in the lib folder.
4. Create a temporary folder on your machine and copy these files from the downloaded archive to this folder.
5. Stop Holodeck B2B
6. Replace the old files in the Holodeck B2B lib directory with the downloaded files from your temporary folder
7. Restart Holodeck B2B