How to address the potential Log4J vulnerability in Middleware

Log4J is not used in the current version of Middleware, but its files could still exist on disk if an earlier version was installed previously.

Why do I need to update Middleware?

Due to the log4j vulnerability, which was remediated in the UKG Ready Release 75 in March of 2021, customers running older versions of Middleware are advised to upgrade their Middleware to the latest version, 1.7.v78.

How do I check which version of Middleware my organization is running?

To check which version of Middleware you are on, open C:\MW, right-click "Start MW as Application", and run it as an administrator. Your current version is shown in the title bar at the top of the window.

ACTIONS TO TAKE AFTER THE UPDATE

Once the update is complete, follow the steps below to remove the files and restart Middleware. Note that you will need to repeat these steps on every computer where Middleware is installed.

  1. On your computer, navigate to C:\MW (or the location where you installed Middleware, if it is not the default)
  2. Open the "lib" folder and delete the two files below:
    1. log4j-api-2.11.1.jar
    2. log4j-core-2.11.1.jar
  3. Go back one screen, then open the "conf" folder and delete "log4j2.xml"
  4. Navigate back to C:\MW, right-click the file "Start MW as Service", and run it as admin

How do we update Middleware prior to the automatic update from Fuse?

If you are on 1.7.75 and above, you can delete the files below, and no further action is needed. This process must be repeated on every computer the Middleware is installed on.

  1. Navigate to C:\MW (or the location where you installed Middleware, if it is not the default)
  2. Go into the "lib" folder and delete the two files below:
    1. log4j-api-2.11.1.jar
    2. log4j-core-2.11.1.jar
  3. Go back one screen, then open the "conf" folder and delete "log4j2.xml"

If you are on a version lower than 1.7v75.0, you can follow the steps below to resolve this manually; this is the fastest way to neutralize the issue. This process must be repeated on every computer the Middleware is installed on.

  1. Navigate to C:\MW, right-click "Stop MW Software", and run it as admin
  2. Run the file "Start MW as Application" as admin, then click "Download Latest Version" in the center of the Middleware window. If you see the black command prompt window open but the Middleware software does not open, check your system tray by clicking the up-arrow near the Windows time display.

Wait 15 minutes for the update to complete. Once it finishes, close the black command prompt window to close Middleware, then follow the steps below to remove the inactive files.

  1. Navigate to C:\MW (or the location where you installed Middleware, if it is not the default)
  2. Go into the "lib" folder and delete the two files below:
    1. log4j-api-2.11.1.jar
    2. log4j-core-2.11.1.jar
  3. Go back one screen, then open the "conf" folder and delete "log4j2.xml"
  4. Go back to C:\MW, right-click the file "Start MW as Service", and run it as admin
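
Because the file-removal steps above have to be repeated on every computer, they can be scripted. The following PowerShell is an added example, not a UKG-supplied script: the file name Remove-MwLog4j.ps1 and the -InstallRoot parameter are hypothetical, and it assumes Middleware has already been updated and stopped as described above. It deletes only the three files this article names and reports any other log4j file it finds without touching it.

```powershell
# Remove-MwLog4j.ps1 (hypothetical name) - added example, not vendor code.
# Assumes Middleware is already updated/stopped and the session is elevated.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Default install location from the article; override if installed elsewhere.
    [string]$InstallRoot = 'C:\MW'
)

# The three files the article says to delete, relative to the install root.
$targets = @(
    'lib\log4j-api-2.11.1.jar',
    'lib\log4j-core-2.11.1.jar',
    'conf\log4j2.xml'
)

if (-not (Test-Path -LiteralPath $InstallRoot -PathType Container)) {
    Write-Error "Install root '$InstallRoot' not found."
    exit 2
}

foreach ($rel in $targets) {
    $path = Join-Path -Path $InstallRoot -ChildPath $rel
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Hash the file first so the removal can be documented afterwards.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($PSCmdlet.ShouldProcess($path, 'Delete')) {
            Remove-Item -LiteralPath $path -Force
            Write-Output "REMOVED  $path  sha256=$hash"
        }
    } else {
        Write-Output "ABSENT   $path"
    }
}

# Report only: any log4j file still under the install root (not deleted here).
$leftover = Get-ChildItem -LiteralPath $InstallRoot -Recurse -File `
    -Filter 'log4j*' -ErrorAction SilentlyContinue
foreach ($f in $leftover) { Write-Output "PRESENT  $($f.FullName)" }

# Exit code 1 signals that a log4j file remains and the machine needs review.
if ($leftover) { exit 1 } else { exit 0 }
```

Run it with -WhatIf first to see what would be deleted without changing anything. After a real run, start Middleware again with "Start MW as Service" as described in the steps above.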