0

I want to change log4j version from 2.8.2 to 2.17.2 for fix vulnerable. I have changed the jars underneath of mule-enterprise-standalone-3.9.4\lib\boot but i am getting below error.

Please advise what else need to to changed.

I have added below jars though i'm getting below error.

log4j-slf4j-impl-2.17.2 , 
log4j-jul-2.17.2 , 
log4j-jcl-2.17.2 , 
log4j-api-2.17.2 , 
log4j-1.2-api-2.17.2

I have referenced the question : log4j2 for MULE 3 CE patch update

    Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=1024m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=1024m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: Using the ParNew young collector with the Serial old collector is deprecated and will likely be removed in a future release
Exception in thread "main" java.lang.NoSuchMethodError: com.lmax.disruptor.dsl.Disruptor.<init>(Lcom/lmax/disruptor/EventFactory;ILjava/util/concurrent/ThreadFactory;Lcom/lmax/disruptor/dsl/ProducerType;Lcom/lmax/disruptor/WaitStrategy;)V
        at org.apache.logging.log4j.core.async.AsyncLoggerConfigDisruptor.start(AsyncLoggerConfigDisruptor.java:212)
        at org.apache.logging.log4j.core.config.AbstractConfiguration.start(AbstractConfiguration.java:303)
        at org.apache.logging.log4j.core.LoggerContext.setConfiguration(LoggerContext.java:621)
        at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:694)
        at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:711)
        at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:253)
        at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:155)
        at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
        at org.apache.logging.log4j.LogManager.getContext(LogManager.java:196)
        at org.apache.logging.log4j.spi.AbstractLoggerAdapter.getContext(AbstractLoggerAdapter.java:137)
        at org.apache.logging.slf4j.Log4jLoggerFactory.getContext(Log4jLoggerFactory.java:55)
        at org.apache.logging.log4j.spi.AbstractLoggerAdapter.getLogger(AbstractLoggerAdapter.java:47)
        at org.apache.logging.slf4j.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:33)
        at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:358)
        at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:383)
        at org.mule.module.boot.LicenseKeyHandler.<clinit>(LicenseKeyHandler.java:23)
        at org.mule.module.reboot.MuleContainerBootstrap.handleLicenseKey(MuleContainerBootstrap.java:221)
        at org.mule.module.reboot.MuleContainerBootstrap.main(MuleContainerBootstrap.java:69)
JVM exited while loading the application.
techhelp
  • 1
  • 1
  • Which jars have you updated? Can you list them all? – Harshank Bansal Jun 05 '22 at 18:23
  • You can try to update other dependencies too. You atleast need to update both log4j-core and log4j-api. But in the answer, there are more jars that are listed. You can try to do that. But only updating core jar will not help. – Harshank Bansal Jun 06 '22 at 07:05
  • first of all can you please go to the project directory and please send me the dependency tree ? command - mvn dependency:tree will see any log4j jar contains older version or not – Biltu - Technology Jun 11 '22 at 18:15

1 Answers1

0

Mule versions are developed with a specific log4j2 target version. Changing the version directly can lead to unpredictably errors like you are experiencing. To avoid the vulnerabilities in log4j2 without having compatibility issues you need to follow the instructions in MuleSoft Help Center that are available to Enterprise Edition customers. Note that the version that you are using is an Enterprise Edition release, not a Community Edition release. Alternatively downloading the last released build for your version may already incorporate the patches to fix the vulnerabilities. Although I would recommend to use Mule 3.9.5 since it is the final release of Mule 3.x and has additional bug fixes compared to 3.9.4.

aled
  • 21,330
  • 3
  • 27
  • 34