You can check what version of SPSS you’re running by selecting the “Help” menu and choosing “About...” Look for the “Release” version in the lower left corner. Once you know what version you’re running, please visit our Microsoft SharePoint portal to download the fix. There is a folder called “log4j vulnerability patch (macOS and Windows)” for each version of SPSS, and in each folder, there is a small ZIP file. Download and extract the ZIP file, which contains 3 jar files and a “README” text file. Consult the “README” file for instructions.
Unfortunately, the remediation process is a manual one. The instructions will tell you to find 3 files in the main SPSS Statistics directory and 2 files in a subdirectory, move them out of those folders (to your desktop, for example), and then replace them with the new versions in the ZIP file. The subdirectory has only 2 of the 3 files.
The files you’ll be removing from the main SPSS Statistics directory are:
- log4j-core-2.13.3.jar
- log4j-api-2.13.3.jar
- log4j-1.2-api-2.13.3.jar
The files you’ll be replacing them with are:
- log4j-core-2.15.0.jar
- log4j-api-2.15.0.jar
- log4j-1.2-api-2.15.0.jar
The subdirectory contains two of the three files above:
- log4j-core-2.13.3.jar
- log4j-api-2.13.3.jar
So, you will replace those files with:
- log4j-core-2.15.0.jar
- log4j-api-2.15.0.jar
Please note that replacing files will require administrative privileges, so you may need to coordinate with School of Education Technical Services or your Lab Manager or PI.