Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For modeling tools (Magic Software Architect, Magic Cyber Systems Engineer, Magic Systems of Systems Architect , MagicDraw, Cameo Systems Modeler, Cameo Enterprise Architecture)

Option 1

  1. Download the latest log4j 2.15.0 patched version .
  2. Replace all log4j 2.x jar files with their respective equivalents from the downloaded version 2.15.0 zip file while keeping the original file name.

...

See the detailed procedure to mitigate the risk concerning the CVE-2021-44228 vulnerability. 


Option 2

You may prevent lookups in the log event message by adding parameter via command line or in the <modeling tool>.properties file.

...

For collaboration tools (Magic Collaboration Studio, Cameo Collaborator for Teamwork Cloud, Teamwork Cloud)

Option 1

You may prevent lookups in the log event message by adding parameter via command line or in Web Application Platform setenv.sh / setenv.bat properties file.

...

  1. In the Java application server (on which Web Application Platform runs) home directory, go to the bin folder. For example, if you use Apache Tomcat, go to <tomcat_home>/bin.
  2. Using a plain text editor, create the setenv.sh file in that directory if it does not already exist.
  3. Copy and paste the following lines to the setenv.sh file:


    Code Block
    -Dlog4j.formatMsgNoLookups=true


  4. Save and close the file.
  5. Restart the Java application server.


Option 2 (more complex)

  1. Download the latest log4j 2.15.0 patched version .
  2. Replace all log4j 2.x jar files with their respective equivalents from the downloaded version 2.15.0 zip file while keeping the original file name.

...