MicroFocus ALM-Octane is also affected by Log4j vulnerability | Mitigation

ALM Octane which is web based application life cycle management tool which is used to track the requirements and bugs have been also affected by this vulnerability. The products affected as ALM 15.5 and above, ALM Octane (all versions), Quality Insight Server (QIS) > 16.0.0 and Global Search! As of now for these products there has been no patches but only mitigations have been announced by the Microfocus team. The Mitigation Pl


Step 1: Locate the wapper.conf file in the ALM/Octane deployment location (It would be under ALM\wrapper) for ALM and for Octane it would be under (Octane/wrapper)


Step 2: Add below configuration in wrapper.conf under wrapper directory


wrapper.java.additional.80=-Dlog4j2.formatMsgNoLookups=true

Step 3: If the number 80 is already used, then use another number as the numbers must be unique in the wrapper.conf. It can be added anywhere in the wrapper.conf file

Step 4: After saving the file, restart the Octane/ALM server. if there are multiple nodes restart the same!

The above steps are only for ALM/Octane deployment and not for GlobalSearch/QIS for which hotfixes patches would be made available soon

Microfocus has released a KB on the same – https://portal.microfocus.com/s/article/KM000003002

Sample wrapper file :

Graphical user interface, text, application  Description automatically generated

Scroll to Top