We need steps to remediate/fix the CVE-2021-44228 log4j vulnerability for Spotfire version 10.9.0.

[Malligaarjun A]

I already followed the document pdf shared on the community post but when I replace the log4j file and restarting the java it deletes and downloads same files again. Could you please share me the correct steps to fix the issue?

[Fredrik Rosell 3]

Hello,

Just to make sure you have followed the correct instructions, you have followed the instructions in Support KB article 000045607 - https://support.tibco.com/s/article/TIBCO-Spotfire-Mitigation-for-CVE-2021-44228-Log4Shell?_ga=2.215569239.139752322.1677486158-776196050.1636355826 ? Those instructions have been very widely used, so there is little chance at this point of any general issues with the instructions but there are many steps and easy to get something wrong, so consider repeating the process.

Troubleshooting this further, as it is a security issue, would require a support case, but version 10.9 is quite old and no longer eligible for support (since July 31, 2021), so my only recommendation (as a TIBCO employee) is to upgrade to a supported version, such as the latest LTS version - TIBCO Spotfire 12.0 (where this issue has already been addressed out of the box).

Best Regards

Fredrik (TIBCO Support)