Suppress LDAP Lookup In Log4j in Adobe Connect
Since the writing of this article, Adobe Connect engineering has released the following patch which addresses the Log4j issues for versions of Adobe Connect prior to 11.4b: https://www.adobe.com/go/Connect11_log4j
The patch listed above supersedes the procedure listed below. This is an evolving concern and the JRE is updated in Adobe Connect 11.4b:
The release notes for 11.4b are here: https://helpx.adobe.com/sea/adobe-connect/release-note/adobe-connect-11-4b-release-notes.html
The 11.4b download is here: https://www.adobe.com/go/Connect11_4b
The procedure below was the first response and the patches above are the subsequent evolving remediation; 11.4b updates Log4j to version 2.17.1.
We recommend you apply the following configuration change on your Adobe Connect servers immediately. We’re applying this configuration change ourselves now on all Adobe Connect Hosted and ACMS clusters. The change fully addresses an emerging log4j issue. It requires a full system restart of Adobe Connect to implement. Do this on all Adobe Connect servers and restart.
Note: Please be careful of using copy/paste from this article; it may not format correctly. Please confirm syntax when pasting. And always make a backup copy of any files before editing.
Here are the steps that need to be done on all Adobe Connect origin servers, (not on AEM, ACTS, etc). A restart is of Adobe Connect is needed:
For Adobe Connect, target the following two files:
1\ CPS wrapper service config – appserv/conf/ConnectProSvc.conf –> add the following java system property line after the current line with index “.63”
2\ TelSvc wrapper service config –> TelephonyService\conf2\ TelSvc wrapper service config –> TelephonyService\conf\TelephonyService.conf –> add the following java system property line after the current line with index “.56”
In case there is any clash with existing indexes above (65 or 57) for some reason, please choose a non-conflicting one. A service restart will be required afterwards.
To be clear, only the following config is needed:
In the wrapper service config file, it needs to be added to the block that has the comment “# System property definitions…” with the next higher index so as to not clash.
“xx” should be higher than the last index in that block. If it is 63 then simply add 64 or 65 or something like that. If it is 56 they can add 57 or 58 or something like that. Be sure to not comment out anything else. The “AsyncLoggerContextSelector” etc. was just added in the post as a placeholder for example; if you do not already have that then do not add it.
Update: Adobe released updated files on 12/18.
The patch is here for on-premise Adobe Connect servers: https://www.adobe.com/go/Connect11_log4j All SaaS hosted is patched. Note: Adobe Connect versions prior to 10.1 are not vulnerable since they use log4j 1.x.