Download
Release Date
4 March 2022
Abstract
IBM Rational Change 5.3.2.4_iFix001 has been made generally available and contains fix for CVE-2021-4104.
Download Description
Sections | Description |
---|---|
The Change history section provides an overview on what is new in this release with a description of any new functions or enhancements when applicable. |
|
The How critical is this fix section provides information related to the impact of this release to allow you to assess how your environment may be affected. |
|
The Prerequisites section provides important information to review prior to the installation of this release. |
|
The Download package section provides the direct link to obtain the download package for installation in your environment. |
|
The Installation instructions section provides the installation instructions necessary to apply this release into your environment. |
|
The Known side effects section contains a link to the known problems (open defects) identified at the time of this release. |
Prerequisites
Installation Instructions
Review also the Upgrading page in the IBM Knowledge Center for additional details. |
- Log in to the machine where Rational Change 5.3.2.4 is installed as the user who installed Rational Change.
- Unzip (Windows) or untar (UNIX) the patch file into <CHANGE_APP_HOME>/WEB-INF/packages. The resultant directory will have the name rc<patch version>.
For example, on UNIX:
$ cd <CHANGE_APP_HOME>/WEB-INF/packages
$ tar xvf <file path> - Install the iFix
Login to the Rational Change Admin interface and click the System Administration link in the action panel.
Click on the Package Installer tab, select the iFix rc5.3.2.4.01 from the Available Packages list box, and click the Install button. -
Copy the attached iFix file "log4j2.xml" (for the relevant platform) from "lo4j2.zip" into the path <CHANGE_APP_HOME>/WEB-INF/classes/
-
After the patch installation is successful, stop Rational change.
-
Backup and delete "log4j.jar" from <CHANGE_APP_HOME>/WEB-INF/lib/.
-
Start Rational change.Note:
If context path is other than "change" while installation of Rational Change then set the "event.log" and "velocity.log"
path accordingly in "log4j2.xml".
For example: <Property name="eventfile">../webapps/<context path>/logs/event.log</Property>
- Login to Rational Change as Admin, and click the System Administration link in the action panel. Uninstall the iFix.
-
Uninstall the iFix :
Click on the Package Installer tab, select the iFix from the Installed Packages listbox and click the Uninstall button. -
After the patch uninstall is successful, stop Rational Change.
-
Delete the log4j2 related jar files (log4j-1.2-api-2.17.1.jar, log4j-api-2.17.1.jar and log4j-core-2.17.1.jar), if persist in the path <CHANGE_APP_HOME>/WEB-INF/lib/.
For example, on UNIX:
$ cd <CHANGE_APP_HOME>/WEB-INF/lib
$ rm -f log4j-1.2-api-2.17.1.jar log4j-api-2.17.1.jar log4j-core-2.17.1.jar -
Copy the backed up file "log4j.jar" into <CHANGE_APP_HOME>/WEB-INF/lib/.
-
Start Rational Change.
Download Package
The following sections provide detailed information related to this release.
Click the FC link below to obtain the release from Fix Central.
How critical is this fix?
Impact | Description |
---|---|
Corrective |
This is a maintenance release. It contains fixes for client-reported and internally found defects. |
There are no known regressions to report. |
Problems Solved
Click the Fix List link in the table of contents above to review a list of the problems solved in this release. |
Known Side Effects
No known issues. |
Change History
Provided remediation for the CVE-2021-4104. Log4j upgraded to log4j-2.17.1. in Rational Change. |
Click the link in the Download Options column:
Was this topic helpful?
Document Information
Modified date:
03 March 2022
UID
ibm16560010