Home > Net >  tomcat server for setting java -Dlog4j2.formatMsgNoLookups=true
tomcat server for setting java -Dlog4j2.formatMsgNoLookups=true

Time:12-15

How can we set the tomcat server 7.0 (java 1.7) or tomcat application so that it is -Dlog4j2.formatMsgNoLookups=true to avoid log4j vulnerability problems.

Should I just add to $CATALINA_BASE/bin/setenv.sh?

CodePudding user response:

That depends on how Tomcat is started. If the startup.sh/catalina.sh scripts are used (usual in Unix environments), then adding:

CATALINA_OPTS="$CATALINA_OPTS -Dlog4j2.formatMsgNoLookups=true"

in $CATALINA_BASE/bin/setenv.sh will work. If you are using Windows and start Tomcat as a service it will not.

An alternative universal way is to add a file $CATALINA_BASE/lib/log4j2.component.properties (see documentation; log4j2.system.properties will also work, but it is undocumented) and set:

log4j2.formatMsgNoLookups=true

there.

Page link:https//www.codepudding.com/net/228308.html

Prev:Are there security concerns with embedded Tomcat's Context.docBase?
Next:Tomcat 9.0.52 won't load project from the WAR file
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding