Log4j Vulnerability and Goliath Performance Monitor
Goliath Performance Monitor’s inventory collection component does include a version of the Java library Log4j that is subject to vulnerabilities. As a precaution and in accordance with Goliath best practices, we have released a patch addressing this issue that includes an updated version of Log4j.
This update applies to Goliath Performance Monitor customers using any of the following:
- VMware and Citrix Hypervisor
- Citrix Cloud
- EPIC Module
Download the patch below based on your Goliath Version:
- Goliath v12.0.0 and newer: GPM Log4j Update
- Goliath v11.8.X to v11.9.x: GPM Log4j Update
Note: The patch was built using Log4j version 2.17.1.
Instructions for applying the patch
NOTE: This patch will update a file associated with the Goliath VMA component. This is typically located on the Goliath Server but may also be deployed to additional servers depending on your environment. If you need assistance, please contact Goliath Support.
- Download the update file and copy it to your GPM Server and any other servers where you have the VMA component installed.
- Go to the ..\MonitorIT\vma-api folder
- Use Windows Services to stop the MonitorIT Agent service.
- Copy the new app-1.0.0.jar file to the vma-api folder to replace the existing file.
- Restart the MonitorIT Agent Service.
Each time Goliath is updated, you'll need to reapply the updated file. We recommend keeping a backup on the system.