Skip to main content
Skip table of contents

Steps to remediate Log4j 2 CVE-2021-44228 & CVE-2021-45046 without upgrade

While the following steps will mitigate the vulnerability, reported by CVE-2021-44228 & CVE-2021-45046, staying on an older version will leave you vulnerable to other CVEs that have been addressed since then. Therefore, we recommend upgrading to the latest software version.

If you are not able to upgrade to iGrafx Platform or newer to remediate the vulnerability and and your platform version is at least 16.2, please follow these steps:

  1. Find your iGrafx Platform installation directory
  2. Navigate to the folder apache-tomcat-x.x.xx\igrafx\iGrafxWebApp\WEB-INF\lib 

  3. Locate the file log4j-core-2.5.jar  (version number may differ) and rename it to 

    If you cannot rename the file, make sure that File name extensions are enabled:
  4. Extract the file to a directory. It should look similar to this
  5. Navigate to the folder org\apache\logging\log4j\core\lookup  and delete the file JndiLookup.class 

  6. Go back to the root folder and re-ZIP the library by selecting all 6 folders/files, right click and select Send to  → Compressed (zipped) folder 

  7. Rename the resulting ZIP file back to log4j-core-2.5.jar 
  8. Move the log4j-core-2.5.jar  file back into the apache-tomcat-x.x.xx\igrafx\iGrafxWebApp\WEB-INF\lib  folder and delete your temporarily unzipped folder.
  9. Delete the  file in that same folder

  10. Restart your platform


There is no negative impact of removing that class from the logs as the platform is not using that functionality.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.