For both airgapped and non-airgapped installations of Flow Enterprise Server, follow these steps to address the log4j vulnerability issue.
Note: These steps apply to Flow Enterprise Server versions 2020.2.2 and newer. If you’re on an earlier version of Flow Enterprise Server and need help upgrading, please contact Pluralsight Support. Customers on 2021.3.1-2 do not need to apply these JVM configurations.
Log in to the Flow Enterprise KOTS admin console. This URL usually looks like https://[fully-qualified-flow-server-name]:8800.
Once logged in, from the top menu under Dashboard, click Config.
Search for Java Options. There are several components that are Java-based.
Pass the additional flag of -Dlog4j2.formatMsgNoLookups=true for each Java Options component.
The value field may have customized values from your previous Flow Enterprise Server setup. If so, preserve the customized values, and append the flag to the end of the option field.
If the field is blank, input the default value as indicated below the field, then append the flag to the end of the option field. You must add the default value before appending the flag.
Important: There must be a space between any values and the appended flag.
Here is an example of the above component after the new patch flag is added. Because there was no custom value, the default value was inputted, and the flag was appended to the end.
Repeat the above steps for all other Flow components where the Java Options field is present. These components may include:
- New Repository Java Options
- Ticket Processing Java Options
- Pull Request Processing Java Options
- Incremental Repository Java Options
- AOD Repository Java Options
- Background Repository Worker Java Options
- Data Pipeline Schedule Worker Java Options
- Miscellaneous Queue Worker Java Options
Once you’ve updated all Flow components with a Java Options field, scroll to the bottom of the screen to save the configuration. Then click Go to new version to deploy the updated configuration. Before deploying, you’ll need to wait for checks to finish running.
Click Deploy, then click Deploy this version.
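The rules above for filling in a Java Options field (keep custom values, fall back to the default when the field is blank, separate the flag with a space) can be checked before you paste a value into the console. This is an added example, not Pluralsight tooling; the function names and the sample values such as -Xmx2g are constructed for illustration and are not Flow's actual defaults.

```shell
#!/bin/sh
# Added example: compose and validate a Java Options field value offline.
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# has_flag VALUE: succeeds only if FLAG is its own whitespace-separated token.
has_flag() {
  case " $(printf '%s' "$1" | tr '\t\n' '  ') " in
    *" $FLAG "*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_java_opts VALUE: prints ok, glued, wrong-value or missing.
check_java_opts() {
  if has_flag "$1"; then
    echo ok
    return 0
  fi
  case "$1" in
    *"$FLAG"*) echo glued ;;                               # no space before/after the flag
    *-Dlog4j2.formatMsgNoLookups*) echo wrong-value ;;     # property set, but not to true
    *) echo missing ;;
  esac
}

# build_java_opts CURRENT DEFAULT: prints the value to enter in the field.
build_java_opts() {
  base=$1
  # Blank field: start from the default shown below the field.
  if [ -z "$(printf '%s' "$base" | tr -d ' \t\n')" ]; then
    base=$2
  fi
  # Flag already present as a token: do not append it a second time.
  if has_flag "$base"; then
    printf '%s\n' "$base"
    return 0
  fi
  # Drop trailing whitespace, then append with exactly one separating space.
  base=$(printf '%s' "$base" | sed 's/[[:space:]]*$//')
  printf '%s\n' "${base:+$base }$FLAG"
}

# Constructed sample values (not Flow's real defaults).
build_java_opts '' '-Xmx2g'
check_java_opts '-Xmx2g-Dlog4j2.formatMsgNoLookups=true'
```

A result of glued means the flag was appended without the required space, so the JVM would not read it as a separate option.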