[updated on 2022 03 07 18:00 GMT+1]
For more information, see CVE-2021-44228, CVE-2021-45046, CVE-2021-44832.
Timestamp | Description |
---|---|
2022 03 07 18:00 GMT+1 | 2021x Refresh1 HF2 and 2021x Refresh2 HF2 (hot fixes) with log4j 2.17.1 version are released as Remediation option. Also, log4j 1.2 version removed from these hotfixes. Added CVE-2021-44832 to vulnerability list. |
2022 01 06 18:00 GMT+1 | Updated log4j version from 2.17.0 to 2.17.1 for modeling and collaboration tools in Remediation. Added additional note for collaboration tools v19.0 SPx in Remediation. |
2021 12 22 19:30 GMT+1 | 2021x Refresh1 and 2021x Refresh2 HF1 (hot fixes) with log4j 2.16.0 version are released as Remediation option. |
2021 12 20 21:00 GMT+1 | Updated Remediation options for modeling and collaboration tools. |
2021 12 20 16:30 GMT+1 | Added log4j version 2.17.0 for modeling and collaboration tools in Remediation. |
2021 12 17 14:00 GMT+1 | Updated Remediation options for modeling and collaboration tools. |
2021 12 17 13:00 GMT+1 | Updated log4j version from 2.15.0 to 2.16.0 for modeling and collaboration tools in Remediation. |
2021 12 16 14:00 GMT+1 | Added Cameo DataHub plugin to the list in Apache Log4j2 version 2.0-2.14.1 is a part of the following products, however it is not used for logging. No action to perform. |
2021 12 16 14:00 GMT+1 | Added information about FlexNet Publisher in Apache Log4j2 version 2.0-2.14.1 is a part of the following products. Action to perform. |
To Do: You have action to perform. See Remediation.
To Do: You have action to perform, if you are using lmadmin Alerter Service. For more information, see here.
Option 1
Download and install 2021x Refresh1 HF2 (hot fix). This is a new full 2021x Refresh1 version build with log4j 2.17.1.
Download and install 2021x Refresh2 HF2 (hot fix). This is a new full 2021x Refresh2 version build with log4j 2.17.1.
See Downloading installation files
Option 2
Example - if you find log4j-core-2.11.2.jar:
Download same instructions CATIA_No_Magic_log4j_procedure_V4.pdf
Option 1
Download and install 2021x Refresh1 HF2 (hot fix). This is a new full 2021x Refresh1 version build with log4j 2.17.1.
Download and install 2021x Refresh2 HF2 (hot fix). This is a new full 2021x Refresh2 version build with log4j 2.17.1.
See Downloading installation files
Option 2
In your installation base, please search for the following files: webapp.war, admin.war, collaborator.war, document-exporter.war, resource-usage-map.war, resources.war. If you do not find any result, you can stop the procedure here. Your installation does not contain web applications
If you find a match, you might need to replace log4j2 libraries inside each found war files (for example webapp.war). Please execute these steps:
Replace any match by the 2.17.1 version. Make sure the original filename is unchanged. See example below.
|
Example - if you find log4j-core-2.11.2.jar:
Download same instructions CATIA_No_Magic_log4j_procedure_V4.pdf