BarTender and Apache Log4j
Overview
The BarTender 2022 installation process currently includes Microsoft SQL Express 2019, which ships with Apache Log4j 1.2. Apache Log4j 1.2 is past its end of life and might be flagged as a security vulnerability by security scans. For more details, see the Microsoft resources linked in the Additional Resource sections below.
This article will provide you with two options to address this vulnerability while still using BarTender.
Applicable to
BarTender 2022 and later
Information
As mentioned above, there are two options available to you:
- Run Windows Update. There is a cumulative security update (KB5011644) that removes Apache Log4j from SQL Server 2019. You can find more details about this update here, including instructions on how to install this update manually.
- To download the update manually, start on the page linked above. Scroll down to the How to obtain or download this or the latest cumulative update package section and use the arrow the expand the first option.
- Click Download the latest cumulative update package for SQL Server 2019 now and follow the instructions to download and install the update.
- While installing BarTender 2022, you have the option to prevent Microsoft SQL Server 2019 Express (and therefore Apache Log4j) from installing alongside the BarTender suite.
- On the first installation prompt, accept the license agreement and check the Specify advanced installation options checkbox. Click Next.
-
- Choose whichever BarTender installation option best suits your needs, but make sure the Add Microsoft SQL Server Express checkbox is unchecked before continuing with the installation process.