Versions Compared

Old Version 28

changes.mady.by.user Developer

Saved on

compared with

New Version 29

changes.mady.by.user Developer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

More about the issue: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

Table of Contents

Apache Log4j2 version <2.15.0 is a part of the following products. Action to perform.

CATIA Magic portfolio

  • Magic Collaboration Studio (release 2021x Refresh1, 2021x Refresh2)
  • Magic Software Architect (release 2021x Refresh1, 2021x Refresh2)
  • Magic Cyber Systems Engineer (release 2021x Refresh1, 2021x Refresh2)
  • Magic Systems of Systems Architect (release 2021x Refresh1, 2021x Refresh2)

No Magic portfolio

  • Teamwork Cloud (release 2021x Refresh1, 2021x Refresh2)
  • Cameo Collaborator for Teamwork Cloud (release  2021x Refresh1, 2021x Refresh2)
  • MagicDraw (release 2021x Refresh1, 2021x Refresh2)
  • Cameo Systems Modeler (release 2021x Refresh1, 2021x Refresh2)
  • Cameo Enterprise Architecture (release 2021x Refresh1, 2021x Refresh2)

To Do:  You have action to perform. See Remediation.

Apache Log4j2 version <2.15.0 is a part of the following products, however it is not used for logging. No action to perform.

CATIA Magic portfolio

  • Magic Collaboration Studio (release 2021x, 19.0 SP2, 19.0 SP3, 19.0 SP4)

No Magic portfolio

  • Cameo Collaborator for Teamwork Cloud (release  2021x19.0 SP1, 19.0 SP2, 19.0 SP3, 19.0 SP4)
  • Teamwork Cloud (release 2021x , 19.0 SP1, 19.0 SP2, 19.0 SP3, 19.0 SP4)

The following products and versions are NOT affected. No action to perform.

CATIA Magic portfolio

  • Magic Software Architect (release 2021x, 19.0 SP2, 19.0 SP3, 19.0 SP4)
  • Magic Cyber Systems Engineer (release 2021x, 19.0 SP2, 19.0 SP3, 19.0 SP4)
  • Magic Systems of Systems Architect (release 2021x, 19.0 SP2, 19.0 SP3, 19.0 SP4)

No Magic portfolio

  • Teamwork Cloud (release 19.0) 
  • Cameo Collaborator for Teamwork Cloud (release 19.0) 
  • MagicDraw (release 2021x19.0 and all service packs, 18.5 SP4, 18.0 SP7)
  • Cameo Systems Modeler (release 2021x19.0 and all service packs, 18.5 SP4, 18.0 SP7)
  • Cameo Enterprise Architecture (release 2021x19.0 and all service packs, 18.5 SP4, 18.0 SP7)


Remediation

For modeling tools (Magic Software Architect, Magic Cyber Systems Engineer, Magic Systems of Systems Architect , MagicDraw, Cameo Systems Modeler, Cameo Enterprise Architecture)

Option 1

  1. Download the latest log4j 2.15.0 patched version .
  2. Replace all log4j 2.x jar files with their respective equivalents from the downloaded version 2.15.0 zip file while keeping the original file name.

...

  1. Go to <modeling tool installation directory>\bin and open the modeling tool properties file.

  2. In the JAVA_ARGS line add: 

    Code Block
    -Dlog4j.formatMsgNoLookups=true

    For example:  

    Code Block
    JAVA_ARGS=-Xmx4000M -DLOCALCONFIG\=true -splash\:data/splash.png -Dmd.class.path\=$java.class.path -Dcom.nomagic.osgi.config.dir\=configuration -Desi.system.config\=data/application.conf -Dlogback.configurationFile\=data/logback.xml -Dsun.locale.formatasdefault\=true -Dinitial.user.language\=en -Xss1024K -Dlog4j.formatMsgNoLookups=true


  3. Save and close the file.
  4. Restart your modeling tool.

For collaboration tools (Magic Collaboration Studio,

...

 Cameo Collaborator for Teamwork Cloud, Teamwork Cloud)

Option 1

You may prevent lookups in the log event message by adding parameter via command line or in Web Application Platform setenv.sh / setenv.bat properties file.

...