Federated Identity Management Module 4.1
It was reported that there was a memory leak associated with FIMs use of log4j. This was caused by stranded references in hash table from improper use of NDC (Nested Diagnostic Classes) log4j class.
The org.apache.log4j.NDC logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/NDC.html) class is holding references to a lot of dead threads in Hashtable. NDC uses the current thread as key in this hashtable and a Stack as value. Elements are only removed from this hashtable trough the public call remove()
NDC use can lead to memory leaks if you do not periodically call the NDC.remove() method. The current NDC implementation maintains a static hard link to the thread for which it is storing context. So, when the thread is released by its creator, the NDC maintains the link and the thread (and its related memory) is not released and garbage collected like one might expect. NDC.remove() fixes this by periodically checking the threads referenced by NDC and releasing the references of "dead" threads.
This problem has been resolved in hotfix 4.1.0.21 for FIM 4.1 Please contact RSA Customer Support and request this hotfix. These hotfixes are cumulative.
Related Articles
Old connector Log4j files not removed in RSA Governance & Lifecycle Number of Views Enterprise Manager Log settings: EM.log - log4j.xml Number of Views The audit.log is not logging to the proper location defined in the log4j.xml Number of Views RSA Customer Advisory: Apache Vulnerability Log4j2 CVE-2021-44228 Number of Views RSA-2024-08: RSA Governance and Lifecycle Critical Security Update for Unauthenticated JMX Agent and Older Version of Log4… Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
