Skip to main content
Skip table of contents

Maintenance - Log4j Vulnerability

Germain team became aware of a widespread security vulnerability commonly known as “Log4j” (CVE-2021-44228, aka. Log4Shell). We have not identified any exposure of any client data as a result of this vulnerability, for both on-premise and cloud users of Germain. However, we do recommend Customers that use Germain onPremise to update their Germain environment as following. Similar configuration was applied to the Germain cloud instances and instances were brought back online today Monday 12/13/21 at 8:35am PST, after completion of our security review.

Pass the following argument: ‐Dlog4j2.formatMsgNoLookups=true to the following services:

  • ActiveMQ
    Add the parameter to the ACTIVEMQ_OPTS variable (Found under activemq/bin/env):

  • Backend services (action, aggregation, analytics, rtm, session tracking, storage)
    Add the parameter to each of the services startup scripts JAVA_OPTS (found under Germain Service directory /bin).

  • Tomcat
    Add the parameter to the CATALINA_OPTS variable for each Tomcat instance (Found under Tomcat instance dir /bin/

More technical details can be found here:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.