How to Replace Log4j Jars in Docker Container

Developer's Guide > Developer's Guide > Codebeamer Developer Tools > Docker > How to Replace Log4j Jars in Docker Container

Following the appearance of some security issues concerning a vulnerability in Apache Log4j, it is highly recommended to upgrade the Log4j used in the dockerized Codebeamer.

Upgrading Log4j jars

1. Download the following files:

◦ log4j-jul-2.17.1.jar

◦ log4j-slf4j-impl-2.17.1.jar

◦ log4j-1.2-api-2.17.1.jar

◦ log4j-api-2.17.1.jar

◦ log4j-core-2.17.1.jar

◦ cb-excel-import-integration.jar

2. Create a Dockerfile with the following content, in the same folder:

FROM intland/codebeamer:21.09-SP2

ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true

# Update excel jar - Start

ADD cb-excel-import-integration.jar /home/appuser/codebeamer/msoffice

# Update excel jar - End

# Update log4j2 jars for codebeamer - Start

RUN rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-1.2-api-*.jar && \

rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-api-*.jar && \

rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-core-*.jar && \

rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-jul-*.jar && \

rm /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib/log4j-slf4j-impl-*.jar

ADD log4j-1.2-api-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib

ADD log4j-api-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib

ADD log4j-core-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib

ADD log4j-jul-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib

ADD log4j-slf4j-impl-2.17.1.jar /home/appuser/codebeamer/tomcat/webapps/ROOT/WEB-INF/lib

# Update log4j2 jars for codebeamer - End

# Update log4j2 jars for scmloop - Start

RUN rm /home/appuser/codebeamer/repository/scmloop/log4j-1.2-api-*.jar && \

rm /home/appuser/codebeamer/repository/scmloop/log4j-api-*.jar && \

rm /home/appuser/codebeamer/repository/scmloop/log4j-core-*.jar

ADD log4j-1.2-api-2.17.1.jar /home/appuser/codebeamer/repository/scmloop

ADD log4j-api-2.17.1.jar /home/appuser/codebeamer/repository/scmloop

ADD log4j-core-2.17.1.jar /home/appuser/codebeamer/repository/scmloop

# Update log4j2 jars for scmloop - End

Build docker container

Run the following command from a terminal/command line in the same folder as the Dockerfile:

docker build . -t codebeamer:21.09-SP2-log4j217

Was this helpful?