Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For modeling tools (Magic Software Architect, Magic Cyber Systems Engineer, Magic Systems of Systems Architect , MagicDraw, Cameo Systems Modeler, Cameo Enterprise Architecture)

Option 1

  1. Download the latest log4j 2.15.0 patched version .
  2. Replace all log4j 2.x jar files with their respective equivalents from the downloaded version 2.15.0 zip file while keeping the original file name.

...

See the detailed procedure to mitigate the risk concerning the CVE-2021-44228 vulnerability. 

Option 2

If you cannot upgrade log4j, you may add 

...

For collaboration tools (Magic Collaboration Studio 19.0 SP2 - 19.0 SP4, Cameo Collaborator for Teamwork Cloud 19.0 SP1-SP4, Teamwork Cloud 19. SP1 - SP4)

Option 1

You may prevent  lookups in the log event message by adding parameter via command line or in Web Application Platform setenv.sh / setenv.bat properties file.


Configuring setenv.bat file on Windows

If your instance of the Web Application Platform is running on Windows, configure this file by following one of the given workflows.

...

  1. Stop the Web Application Platform if it is running.
  2. Open the command-line interface and go to the Web Application Platform installation directory.
  3. In the command-line interface, run the following command:

    .\bin\tomcat<version>.exe //US//WebApp --JvmMs=8000 --JvmMx=8000 ++JvmOptions='-Dcom.sun.management.jmxremote=true'



    Code Block
     -Dlog4j.formatMsgNoLookups=true


  4. Restart the Web Application Platform.


Configuring setenv.sh file on Linux and Mac

If your instance of the Web Application Platform is running on Linux or Mac, configure this file by following the steps outlined below.

...