talk@lists.collectionspace.org

Targeted discussion among implementers and between implementers and the CollectionSpace development team

Upgrading log4j (again)

Ray Lee
Tue, Dec 21, 2021 6:34 PM

Hi All,
If you're running CollectionSpace 6.0 or above, patches are now available to upgrade log4j to 2.17.0, in order to mitigate continuing log4j vulnerabilities.

If you have your own fork of the CollectionSpace services <https://github.com/collectionspace/services> code, first pull the upstream release branch (v6.0-branch <https://github.com/collectionspace/services/tree/v6.0-branch>, v6.1-branch <https://github.com/collectionspace/services/tree/v6.1-branch>, or v7.0-branch <https://github.com/collectionspace/services/tree/v7.0-branch>) into your fork.

To upgrade:

  1. Stop the CollectionSpace server.

  2. In your services source code directory (typically /opt/collectionspace/services or /home/cspace/collectionspace-source/services), pull the latest code for your release branch. Perform these steps as the user that builds and runs CollectionSpace, typically collectionspace.

       sudo su - collectionspace
       cd /opt/collectionspace/services
       git pull

  3. Build the services source code.

       mvn clean install -DskipTests

  4. Redeploy the services web application.

       ant undeploy deploy

  5. To verify that log4j has been upgraded, check the jar files that exist in the tomcat lib directory:

       cd $CSPACE_JEESERVER_HOME/lib
       ls log4j*.jar

     All of the listed filenames should end with -2.17.0.jar.

  6. Start the CollectionSpace server.

Reply to the talk list if you have any questions or run into any problems.

Thanks,
Ray
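
An added example, not part of the message above or of the CollectionSpace code: a shell function that automates the verification step, flagging any log4j jar in the Tomcat lib directory whose filename does not end with -2.17.0.jar. The function name check_log4j_jars and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not CollectionSpace code): checks that every log4j*.jar in a
# directory has a filename ending in -<version>.jar.

# check_log4j_jars DIR [VERSION]   (hypothetical helper name)
# Prints one line per jar. Returns 0 if all jars match, 1 if any jar carries
# another version, 2 if DIR is missing or holds no log4j jars at all.
check_log4j_jars() {
    dir=$1
    want=${2:-2.17.0}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    found=0
    bad=0
    for jar in "$dir"/log4j*.jar; do
        # An unmatched glob stays literal, so skip names that do not exist.
        [ -e "$jar" ] || continue
        found=$((found + 1))
        case ${jar##*/} in
            *-"$want".jar) echo "OK       ${jar##*/}" ;;
            *)             echo "OUTDATED ${jar##*/}"; bad=$((bad + 1)) ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        # An empty result usually means the wrong directory, not a clean one.
        echo "no log4j jars found in $dir" >&2
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Run against the Tomcat lib directory when CSPACE_JEESERVER_HOME is set.
if [ -n "${CSPACE_JEESERVER_HOME:-}" ]; then
    check_log4j_jars "$CSPACE_JEESERVER_HOME/lib" ||
        echo "log4j upgrade not verified" >&2
fi
```

A non-zero result before starting the server means the redeploy left an older jar behind, or the directory checked is not the one Tomcat loads from.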
