Posted by big on Dec 15, 2021; 9:19pm
URL: http://erman-arslan-s-oracle-forum.124.s1.nabble.com/CVE-2021-44228-Advisory-for-Oracle-E-Business-tp10512.html

Hi,
On R12.2.4 DB 11.2.0.4 on AIX

In note 2827804.1 Oracle propose a work around for CVE-2021-44228 :

[oracle@app01 ~]$ export LOG4J_FORMAT_MSG_NO_LOOKUPS=true
[oracle@app01 ~]$ adstpall.sh
[oracle@app01 ~]$ adstrtal.sh

My questions are:

1-Should we run: export LOG4J_FORMAT_MSG_NO_LOOKUPS=true every time we stop/start our system or only one time for good?
2-If only one time for good, how the value "true" for LOG4J_FORMAT_MSG_NO_LOOKUPS will be kept permanently for system?
3-If we should export its value every time we stop/start, how can we make it permanent?
Put it in .profile cannot help because since we stop/start it by cronetab, the values from .profile are discarded I think.

Thanks and regards.