Professional Documents
Culture Documents
If you have any questions concerning the content of this notice, please open a case via
the HELP24 eSupport portal at www.aciworldwide.com/support.
The configuration change required for addressing the Log4J vulnerability in the short term involves adding
a system property to the operating system. The property to be set is dependent on the version of Postilion
that is running. There are two steps to perform:
Save the following commands in a batch file to output version in a text file:
cd %postiliondir%
dir /s *log4j*.jar > C:/temp/find_log4j_lib_output.txt
The output of the command will list the Log4J jar file in use and its version number.
Configuration Change:
The change needs to be made on all servers running an affected Postilion application. All affected
Postilion services must be restarted after the change.
Version Remediation
2.10
Setting either the system property log4j2.formatMsgNoLookups or the environment
and greater
variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.
2.7 to Note: A default installation of Postilion does not utilize the Log4Scribe. If an entry is
2.14.1 present, it would have been added as a manual entry.
1.0
No impact. No remedial action required.
(all versions)
Page 2 of 2