There are two paths for this security mitigation

Patching the Log4j jar file

1. Download the patched jar file: log4j-1.2.17-NoJMS-2.jar
   
2. Remove the current log4j jar file from the /TOMCAT_HOME/webapps/ceg50-x/WEB-INF/lib/ sub-directory.
   1. The file will be named log4j-1.2.12.jar.
3. Copy the patched jar file into your Transferology Connector install under the sub-directory /TOMCAT_HOME/webapps/ceg50-x/WEB-INF/lib/
   1. Example: apache-tomcat/webapps/ceg50-tomcat-22/WEB-INF/lib/log4j-1.2.17-NoJMS-2.jar
4. You can review the /TOMCAT_HOME/webapps/ceg50-x/WEB-INF/classes/log4j.properties file to confirm the JMS Appender is not configured.
5. Restart your webserver

Download the patched Transferology Connector

1. First, create a copy of your cas4.properties and log4j.properties
   1. These are found in the /TOMCAT_HOME/webapps/ceg50-x/WEB-INF/classes directory
2. Download the most recent Transferology Connector
   1. Connector Downloads

3. Uncompress war, add school specific properties, rebuild war

   Note
   title Working Directory /tmp/ceg
   Make sure your current directory is /tmp/ceg when you execute the jar xvf and jar cvf commands below.

   1. cp ceg50-tomcat-23.war /tmp
   2. mkdir /tmp/ceg
   3. cd /tmp/ceg
   4. jar xvf /tmp/ceg50-tomcat-23.war

   5. Replace WEB-INF/classes/cas4.properties with your existing CEG's cas4.properties; edit as necessary

   6. Replace WEB-INF/classes/log4j.properties with your existing CEG's log4j.properties; edit as necessary
   7. cd /tmp/ceg
   8. jar cvf /tmp/ceg50-tomcat-23.war *
4. Replace the current Transferology Connector war file with the patched and updated version
   1. Remove your deployed ceg50-x war file from /TOMCAT_HOME/webapps/
   2. Copy ceg50-tomcat-23.war into the /TOMCAT_HOME/webapps/ directory.
   3. Start Tomcat if it is not already started
   4. Tomcat will automatically create the /TOMCAT_HOME/webapps/ceg50-tomcat-23/ directory structure