Log4j Vulnerability and Goliath Performance Monitor
Goliath Performance Monitor’s inventory collection component does include a version of the Java library Log4j that is subject to vulnerabilities. As a precaution and in accordance with Goliath best practices, we have released a patch addressing this issue that includes an updated version of Log4j.
This update applies to Goliath Performance Monitor Customers with v11.8.x and later using any of the following:
- VMware and XenServer monitoring
- Citrix Cloud
- EPIC Module
For earlier GPM versions (pre-11.8.x), no update is required.
Download the patch below:
Note: The patch was built using Log4j version 2.17.1.
Instructions for applying the patch
NOTE: This patch will update a file associated with the Goliath VMA component. This is typically located on the Goliath Server but may also be deployed to additional servers depending on your environment. If you need assistance, please contact Goliath Support.
- Download the update file and copy it to your GPM Server and any other servers where you have the VMA component installed.
- Go to the ..\MonitorIT\vma-api folder
- Use Windows Services to stop the MonitorIT Agent service.
- Copy the new app-1.0.0.jar file to the vma-api folder to replace the existing file.
- Restart the MonitorIT Agent Service.