This article gives tips about ways to update the log4j library, one of the External utilities used by GeneXus-generated web applications, in different environments.
These tips are useful for any installation, independently of the GeneXus version.
Replace the following .jar files of your application installation. They may be in the WEB-INF/lib folder of the web application in the web server, referenced in the classpath of a command-line application, among others.
- log4j-core-x.x.jar
- log4j-api-x.x.jar
- log4j-1.2-api-x.x.x.jar
where x.x.x is 2.17.1 or the latest available log4j version
Several changes are required in order to use the new libraries in prototyping and deployment time
1) Replace these files if present on the installation directory folder /gxjava for the newer version.
- log4j-core-x.x.jar
- log4j-api-x.x.jar
- log4j-1.2-api-x.x.x.jar
2) Add the new versions to the classpath
Note: If you do not set the classpath, you will get an error like 'Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/logging/log4j/core/lookup/MapLookup'.
3) Edit the createwebapplication.bat so that it deletes old log4j libraries and copies the new ones.
1) Add the commands to copy the new lo4j api on the file ~/gxjava/createwebapplication.bat .
2) Find the following section in the file
if %8 == "6" goto copy_files_java6
if exist %1\webapps\%2\WEB-INF\lib\log4j-api-2.3.jar del %1\webapps\%2\WEB-INF\lib\log4j-api-2.3.jar
if exist %1\webapps\%2\WEB-INF\lib\log4j-core-2.3.jar del %1\webapps\%2\WEB-INF\lib\log4j-core-2.3.jar
if exist %1\webapps\%2\WEB-INF\lib\log4j-api-2.11.2.jar del %1\webapps\%2\WEB-INF\lib\log4j-api-2.11.2.jar
if exist %1\webapps\%2\WEB-INF\lib\log4j-core-2.11.2.jar del %1\webapps\%2\WEB-INF\lib\log4j-core-2.11.2.jar
if exist %1\webapps\%2\WEB-INF\lib\mail.jar del %1\webapps\%2\WEB-INF\lib\mail.jar
xcopy log4j-api-2.13.3.jar %1\webapps\%2\WEB-INF\lib /Y /D
xcopy log4j-core-2.13.3.jar %1\webapps\%2\WEB-INF\lib /Y /D
xcopy javax.mail-1.6.2.jar %1\webapps\%2\WEB-INF\lib /Y /D
and do the following changes:
if exist %1\webapps\%2\WEB-INF\lib\log4j-api-2.3.jar del %1\webapps\%2\WEB-INF\lib\log4j-api-2.3.jar
if exist %1\webapps\%2\WEB-INF\lib\log4j-core-2.3.jar del %1\webapps\%2\WEB-INF\lib\log4j-core-2.3.jar
if exist %1\webapps\%2\WEB-INF\lib\log4j-api-2.11.2.jar del %1\webapps\%2\WEB-INF\lib\log4j-api-2.11.2.jar
if exist %1\webapps\%2\WEB-INF\lib\log4j-core-2.11.2.jar del %1\webapps\%2\WEB-INF\lib\log4j-core-2.11.2.jar
// ADD THESE TWO LINES
if exist %1\webapps\%2\WEB-INF\lib\log4j-api-2.13.3.jar del %1\webapps\%2\WEB-INF\lib\log4j-api-2.13.3.jar
if exist %1\webapps\%2\WEB-INF\lib\log4j-core-2.13.3.jar del %1\webapps\%2\WEB-INF\lib\log4j-core-2.13.3.jar
if exist %1\webapps\%2\WEB-INF\lib\mail.jar del %1\webapps\%2\WEB-INF\lib\mail.jar
// MODIFY THESE TWO LINES ADDING THE NEW API VERSION
xcopy log4j-api-x.x.x.jar %1\webapps\%2\WEB-INF\lib /Y /D
xcopy log4j-core-x.x.x.jar %1\webapps\%2\WEB-INF\lib /Y /D
// MODIFY THIS LINE ADDING THE NEW API VERSION IF YOU ARE IN GENEXUS 17 UPGRADE 7 OR HIGHER
xcopy log4j-1.2-api-x.x.x.jar %1\webapps\%2\WEB-INF\lib /Y /D
xcopy javax.mail-1.6.2.jar %1\webapps\%2\WEB-INF\lib /Y /D
Note: Lines of this code snippet may depend on the GeneXus version.
Change the inputs present on the file ~/gxjava/JavaLibs.targets referencing the log4j files
Example:
<Lib Include="log4j-core-x.x.x.jar">
<System>true</System>
<VersionSpecific>7</VersionSpecific>
<Reorg>true</Reorg>
</Lib>
<Lib Include="log4j-api-x.x.x.jar">
<System>true</System>
<VersionSpecific>7</VersionSpecific>
<Reorg>true</Reorg>
</Lib>
<Lib Include="log4j-1.2-api-x.x.x.jar">
<System>true</System>
<VersionSpecific>7</VersionSpecific>
</Lib>
- Do not download binary files from untrusted sources, use a trusted official source such as maven.org
Note: This article is specific for the log4j and not generic for all external libraries because of log4j maintained compatibility. The best practice to avoid security issues is to not just update log4j but to upgrade to the newest version of GeneXus.