Log4J Vulnerability – CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) 

To fix this issue please follow the steps below. All ArkCase versions 2021.02.28 and before are affected by this vulnerability. If you are using a newer version of ArkCase, then nothing needs to be done.

Note: This fix will require a Solr and ArkCase restart. Please make sure you back up both setenv.sh and solr.in.sh files before making these changes.

  1. Log into the server via ssh
  2. Switch the user to root
    • sudo su
  3. Stop ArkCase service
    • systemctl stop arkcase
  4. Stop Solr service
    • systemctl stop solr
  5. Navigate to /opt/app/arkcase/app/arkcase/bin or /opt/arkcase/app/arkcase/bin
  6. Make backup of the setenv.sh
    • cp setenv.sh setenv.sh.BACKUP
  7. Open the setenv.sh file
  8. Find the following string:
    • export JAVA_OPTS=”-Djava.net.preferIPv4Stack=true –
    • Add -Dlog4j.formatMsgNoLookups=true before closing the quotes
  9. Navigate to /opt/app/arkcase/app/solr/bin or /opt/arkcase/app/arkcase/bin
  10. Make a backup of the solr.in.sh file
    • cp solr.in.sh solr.in.sh.BACKUP
  11. Find the following string
    • SOLR_OPTS=”$SOLR_OPTS -Dcom.sun.management.jmxremote –
    • Add -Dlog4j.formatMsgNoLookups=true before closing the quotes
  12. Start solr by running the following command
    • systemctl start solr
  13. Start arkcase by running the following command
    • systemctl start arkcase