Page History

...

If you find a match, you might need to replace log4j2 libraries inside each found war files (for example webapp.war). Please execute these steps:

1. Make sure application is not running
2. Download log4j v2.16.0 (or 2.17.0) from apache website (link)
3. Uncompress(unzip) webapp.war into any tmp folder
4. Search now for these jar files among unzipped ones

...

1. • log4j-core-2.*.jar

...

1. • log4j-api-2.*.jar
2. Replace any match by the 2.16.0 (or 2.17.0) version. Make sure the original filename is unchanged. See example below.
3. Compress(zip) all extracted files back to webapp_patched.war. Make sure files structure in new war is same as in original war.
4. Replace original webapp.war with webapp_patched.war and restore name back to webapp.war
5. Look for a folder named webapp next to webapp.war. Delete it if found.
6. Start application

Example - if you find log4j-core-2.11.2.jar:

...