Medeco CLIQ Log4j TECHNICAL ANNOUNCEMENT: Medeco CLIQ Log4j DATE: December 20, 2021 **If you are not a Medeco CLIQ customer, you are not impacted by this vulnerability and can disregard this message** This is a technical announcement Medeco on the zero day vulnerability for Apache Log4j and its potential risks to Medeco CLIQ Web Manager. Customers who use the Medeco-hosted CLIQ SaaS environment have been upgraded to CLIQ Web Manager 11.0.2. No action is needed for Medeco-hosted users. We highly recommend self-hosted CLIQ Web Manager users update to version 11.0.2 as soon as possible. Self-hosted customers should contact Medeco Technical support by calling 800-839-3157 or by starting a chat session. Self-hosted customers who are unable to upgrade to 11.0.2 right away should immediately implement the mitigation instructions detailed below. (Note: If you are immediately updating to 11.0.2, you do not need to follow the mitigation instructions below.) Self-hosted Medeco CLIQ Web Manager customers who are not updating to version 11.0.2 should take the following actions: Please notify your Medeco CLIQ Web Manager administrator of the following: 1. Take database backup before conducting any changes2. Take backup of CLIQ Web Manager and CLIQ Remote installation folders3. Stop CLIQ Web Manager Windows service4. Stop CLIQ Remote Windows service5. Execute the following configuration changes: I. Open the <CWM_installation_directory>\tomcat\conf\catalina.properties file in any text editor (as an administrator) II. At the end of the file, please add following line: log4j2.formatMsgNoLookups=true III. Save the file IV. Conduct the file change on both CWM and the CLIQ Remote application server 6. Start CLIQ Remote Windows service7. Start CLIQ Web Manager Windows service8. Conduct health check on application functions & key updates For questions or more information, call Medeco Technical Support at 800-839-3157 or click here to start a chat with aMedeco Technical Support representative.