Over the past few days a critical vulnerability has been identified in the Apache Log4j module and lots of applications over the world are affected by this.
The latest information regarding VMware Products which have been affected by this vulnerability can be found here:
For vRealize Suite Lifecycle Manager (vRSLCM) 8.X VMware provides a workaround currently. See the KB below:
UPDATE 14/12/2021: VMware has updated the KB Article mentioned above and stated that you could also resolve the error by renaming the old .jar file to <old_jar_file_name>_old.jar; out blog post has been adjusted to reflect this.
I was applying the Fix on various vRLSCM environments from a few customers and encountered the following Error on some of them:
./log4jfix.sh: line 4: [: vmlcm-service-8.1.1-SNAPSHOT.jar: binary operator expected
I was running vRSLCM 8.4.1 (PATCH 2) at this customer and according to the Error Message the script tried to use the 8.1.1 Jar.
The contents of the log4jfix.sh script looked as follows:
The solution so far that worked for me (and for others, see VMware Communities link) is to remove the OLDER version of the .jar file in the above mentioned location (/var/lib/vrlcm). The .jar file of the vRSLCM version that you’re running should be kept; only remove the older one.
Go to the ‘/var/lib/vrlcm‘ directory on your affected vRSLCM Appliance and list its contents:
Rename / Move this older version of the .jar file (adjust the command below to your older version’s .jar file being there):
mv vmlcm-service-8.1.1-SNAPSHOT.jar vmlcm-service-8.1.1-SNAPSHOT_old.jar
mv vmlcm-service-8.1.1-SNAPSHOT.jar /tmp
Try running the script again, it should now succeed and use the correct .jar file:
Hope it helped!