We have updated log4j as required for security reasons. Since then, we have realized that there
are 2 serious problems:
1. Every SAP objects created defined as business object types in our OTCS are not automatically
created as they were before updating log4j. See the image:
2. For SAP objects that already have a workspace in OTCS (they were created before the update),
we can not open their OTCS workspaces from SAP anymore. It was available before the update
too. We have attached a document, where you can see the SAP transaction we're using, the steps
we follow and the error. However they are still accessible from OTCS web.
The path details are:
Content Server:
Content Server are recommending replacing the vulnerable log4j jar file(s) with version 2.16 ( and
Contact Details
Ticket Details
provide a script to identify them).
KBA KB19860761:
https://knowledge.opentext.com/knowledge/llisapi.dll/kcs/kbarticle/view/KB19860761
OTDS:
OTDS are recommending using the -Dlog4j2.formatMsgNoLookups=true parameter in Tomcat's
JVM options
KBA KB19870219:
https://knowledge.opentext.com/knowledge/llisapi.dll/kcs/kbarticle/view/KB19870219
