Vulnerability in a very widely used, Open Source software library called Log4J

Dear Customer

There has recently been publicity about a vulnerability in a very widely used, Open Source software library called Log4J

More information at https://logging.apache.org/log4j/2.x/security.html

This Java library is also shipped with many Java based tools, especially Web and database packages.

Since notified on 10/12/2021 we’ve taken the required actions:

  • Checked and upgraded as necessary all of our internal systems for log4j use.
  • Checked the M4 7.x and MEDUSA4 6.x releases for log4j usage. We found 2 instances where log4j has been distributed.
    • The TeamCenter integration (MEDTC) (log4j Version 1.x and 2.x)
    • Pentaho reporting, embedded in MEDSYS uses log4j (Version 1.x) for P&ID and PLANT FACTORY report generation

We will issue an update for M4 7.0 and 7.1 releases are available on the customer portal from 18/12/2021.

An update for MEDUSA4 6.3 releases will be available early in 2022; we do not plan to provide updates for older releases.

Customers should check directly with their original software suppliers, especially PDM systems, for information and updates.
Any questions please log a call with the CAD Schroer customer portal.

Kind Regards
Your CAD Schroer Team

Scroll to Top