Log4j security vulnerability patch (CVE-2021-44228) - Windows server instances

Note: This patch is specifically for the QMetry Test Management tool hosted over Windows Server non docker based instances.

This page contains information for patching the recently published remote code execution 0-day vulnerability (CVE-2021-44228) affecting Log4j.

Login to the QMetry App Server and ensure the App and DB services are stopped.
- Go to Run > Type services.msc
- Search for MySQL and "qmetry" service listed as Apache Tomcat 9.0 qmetry
  - Note: If the services are running, stop them in order - “qmetry” and then MySQL.
Remove the following log4j jar files from the location: C:\QMetry-Windows-Install\QMetry\webapps\ROOT\WEB-INF\lib\
- log4j-core-2.8.2.jar
- log4j-api-2.8.2.jar
- log4j-1.2.17.jar
Download the log4j 2.15.0 jar file(s) from this secure OneDrive link.
Copy the jar files log4j-core-2.15.0.jar and log4j-api-2.15.0.jar downloaded from the above link to the below location in the QMetry app.
- C:\QMetry-Windows-Install\QMetry\webapps\ROOT\WEB-INF\lib\
Start QMetry Database and App Services
- Go to Run > Type services.msc. Restart the services in the following order.
  - Start: MySQL service
  - Start: "qmetry" service listed as Apache Tomcat 9.0 qmetry

Login to the QMetry Reports Server and download the “run.bat“ file from this secure OneDrive link.
Go to the following location.
- "C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/"
Replace the existing “run.bat” file with the one downloaded from Step 1.
Restart Report Services
- Close the two .jar command prompts to stop the reports services. Execute the run.bat batch file to start the reports services again from the same location - "C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/"