Versions Compared

Old Version 5

changes.mady.by.user Agne P.

Saved on

compared with

New Version 6

changes.mady.by.user Agne P.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

More about the issuehttps://github.com/advisories/GHSA-jfh8-c2jp-5v3q

...

Apache Log4j2 version <2.15.0 is a part of the following products in these versions:

...

Remediation

Option 1

  1. Download the newest latest log4j 2.15.0 patched version .
  2. Replace all log4j 2.x jar files with their respective equivalents from the downloaded version 2.15.0 zip file while keeping the original file name.

Example:

  • if found: log4j-core-2.11.2.jar
  • then remove log4j-core-2.11.2.jar
  • copy log4j-core-2.15.0.jar over to log4j-core-2.11.2.jar
  • repeat for any other log4j 2.x file found.

See the detailed procedure to mitigate the risk concerning the CVE-2021-44228 vulnerability. 

...

to a <modeling tool installation directory>\bin\<modeling tool>.properties file (e.g. magicdraw.propertiescsm.propertiescameoea.properties) on the classpath to prevent lookups in the log event message.

 

The following products and versions are not NOT affected:

CATIA Magic portfolio

...