Page History
[updated on 2021 12 22 19:30 2022 01 06 18:00 GMT+1]
For more information, see CVE-2021-44228 and CVE-2021-45046.
...
Change log
| Timestamp | Description |
|---|---|
| 2022 01 06 18:00 GMT+1 | Updated log4j version from 2.17.0 to 2.17.1 for modeling and collaboration tools in Remediation. Added additional note for collaboration tools v19.0 SPx in Remediation. |
| 2021 12 22 19:30 GMT+1 | 2021x Refresh1 and 2021x Refresh2 hot fixes are released as Remediation option |
| 2021 12 20 21:00 GMT+1 | UpdatedRemediation options for modeling and collaboration tools. |
| 2021 12 20 16:30 GMT+1 | Added log4j version 2.17.0 for modeling and collaboration tools in Remediation. |
| 2021 12 17 14:00 GMT+1 | UpdatedRemediation options for modeling and collaboration tools. |
| 2021 12 17 13:00 GMT+1 | Updated log4j version from 2.15.0 to 2.16.0 for modeling and collaboration tools in Remediation. |
| 2021 12 16 14:00 GMT+1 | Added Cameo DataHub plugin to the list in Apache Log4j2 version 2.0-2.14.1 is a part of the following products, however it is not used for logging. No action to perform. |
| 2021 12 16 14:00 GMT+1 | Added information about FlexNet Publisher in Apache Log4j2 version 2.0-2.14.1 is a part of the following products. Action to perform. |
...
- Make sure application is not running
- Download log4j v2.16.0 (or 2.17.01) from apache website (link)
- Search now for these jar files in installation base
- log4j-core-2.*.jar
- log4j-1.2-api-2.*.jar
- log4j-api-2.*.jar
- log4j-slf4j-impl-2.*.jar
- Replace any match by the 2.16.0 (or 2.17.01) version. Make sure the original filename is unchanged. See example below.
- The replacing and renaming operations must be performed for all jar files found from the list
...
Download same instructions CATIA_No_Magic_log4j_procedure_V3V4.pdf
For collaboration tools (Magic Collaboration Studio, Cameo Collaborator for Teamwork Cloud, Teamwork Cloud)
...
- Make sure application is not running
- Download log4j v2.16.0 (or 2.17.01) from apache website (link)
- Uncompress(unzip) webapp.war into any tmp folder
- Search now for these jar files among unzipped ones
- log4j-core-2.*.jar
- log4j-api-2.*.jar
Replace any match by the 2.16.0 (or 2.17.
01) version. Make sure the original filename is unchanged. See example below.
Note title For collaboration tools of 19.0 SPx version (Magic Collaboration Studio, Cameo Collaborator for Teamwork Cloud, Teamwork Cloud): - look for a file named org.apache.log4j-19.0.0.jar. Delete it if found.
- Compress(zip) all extracted files back to webapp_patched.war. Make sure files structure in new war is same as in original war.
- Replace original webapp.war with webapp_patched.war and restore name back to webapp.war
- Look for a folder named webapp next to webapp.war. Delete it if found.
- Start application
...
Download same instructions CATIA_No_Magic_log4j_procedure_V3V4.pdf