Log4j security vulnerability patch (CVE-2021-44228) - Windows server instances
Note: This patch is specifically for QMetry Test Management instances hosted on Windows Server without Docker.
This page contains information for patching the recently published remote code execution 0-day vulnerability (CVE-2021-44228) affecting Log4j.
Reference: Apache Log4j Security Vulnerabilities
Steps to be followed on QMetry Application Server
1. Log in to the QMetry App Server and ensure the App and DB services are stopped.
   - Go to Run > Type services.msc
   - Search for MySQL and the "qmetry" service, listed as Apache Tomcat 9.0 qmetry
   - Note: If the services are running, stop them in order: "qmetry" first, and then MySQL.
2. Remove the following log4j jar files from the location C:\QMetry-Windows-Install\QMetry\webapps\ROOT\WEB-INF\lib\
   - log4j-core-2.8.2.jar
   - log4j-api-2.8.2.jar
   - log4j-1.2.17.jar
3. Download the log4j 2.15.0 jar file(s) from this secure OneDrive link.
4. Copy the jar files log4j-core-2.15.0.jar and log4j-api-2.15.0.jar downloaded from the above link to the following location in the QMetry app:
   C:\QMetry-Windows-Install\QMetry\webapps\ROOT\WEB-INF\lib\
Start QMetry Database and App Services
Go to Run > Type services.msc. Restart the services in the following order.
Start: MySQL service
Start: "qmetry" service listed as Apache Tomcat 9.0 qmetry
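To confirm the jar swap on the App Server, the following PowerShell check can be run from an elevated prompt. It is an added example, not a QMetry-supplied script. The function name Test-QMetryLog4jPatch and the service display-name patterns are assumptions; the path and jar names are the ones given in the steps above.

```powershell
# Added example: verify the Log4j jar replacement described in the steps above.
function Test-QMetryLog4jPatch {
    param(
        [string]$LibPath = 'C:\QMetry-Windows-Install\QMetry\webapps\ROOT\WEB-INF\lib'
    )

    # Jar names as listed on this page.
    $mustBeGone    = 'log4j-core-2.8.2.jar', 'log4j-api-2.8.2.jar', 'log4j-1.2.17.jar'
    $mustBePresent = 'log4j-core-2.15.0.jar', 'log4j-api-2.15.0.jar'

    if (-not (Test-Path -LiteralPath $LibPath -PathType Container)) {
        throw "Lib directory not found: $LibPath"
    }

    # Every log4j jar currently in the directory, including ones the steps do not name.
    $found = @(Get-ChildItem -LiteralPath $LibPath -Filter 'log4j*.jar' -File)

    $leftover   = @($found | Where-Object { $mustBeGone -contains $_.Name })
    $missing    = @($mustBePresent | Where-Object { $found.Name -notcontains $_ })
    $unexpected = @($found | Where-Object { ($mustBeGone + $mustBePresent) -notcontains $_.Name })

    # SHA-256 of each jar, for comparison with the files downloaded from the vendor link.
    $found | Get-FileHash -Algorithm SHA256 | Format-Table Hash, Path -AutoSize | Out-Host

    # Service state; the display-name patterns are assumptions based on the names shown in services.msc.
    Get-Service -DisplayName '*qmetry*', '*MySQL*' -ErrorAction SilentlyContinue |
        Format-Table Status, Name, DisplayName -AutoSize | Out-Host

    [pscustomobject]@{
        Patched    = ($leftover.Count -eq 0 -and $missing.Count -eq 0)
        Leftover   = $leftover.Name      # old jars that still need removing
        Missing    = $missing            # 2.15.0 jars that were not copied in
        Unexpected = $unexpected.Name    # other log4j jars to review manually
    }
}

$result = Test-QMetryLog4jPatch
$result | Format-List
if (-not $result.Patched) { Write-Warning 'Log4j jar replacement is incomplete.' }
```

Patched is True only when none of the three removed jars remain and both 2.15.0 jars are present; anything listed under Unexpected is a log4j jar the steps do not mention and should be reviewed by hand.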
Steps to be followed on QMetry Reports Server
1. Log in to the QMetry Reports Server and download the "run.bat" file from this secure OneDrive link.
2. Go to the following location:
   "C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/"
3. Replace the existing "run.bat" file with the one downloaded in Step 1.
Restart Report Services
Close the two .jar command prompts to stop the reports services. Execute the run.bat batch file to start the reports services again from the same location - "C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/"