Dear Customer

There has recently been publicity about a vulnerability in a very widely used, Open Source software library called Log4J
More information at
This Java library is also shipped with many Java based tools, especially Web and database packages.

Since notified on 10/12/2021 we’ve taken the required actions:

  • Checked and upgraded as necessary all of our internal systems for log4j use.
  • Checked the M4 7.x and MEDUSA4 6.x releases for log4j usage. We found 2 instances where log4j has been distributed.
    • The TeamCenter integration (MEDTC) (log4j Version 1.x and 2.x)
    • Pentaho reporting, embedded in MEDSYS uses log4j (Version 1.x) for P&ID and PLANT FACTORY report generation

We will issue an update for M4 7.0 and 7.1 releases are available on the customer portal from 18/12/2021.
An update for MEDUSA4 6.3 releases will be available early in 2022; we do not plan to provide updates for older releases.

Customers should check directly with their original software suppliers, especially PDM systems, for information and updates.
Any questions please log a call with the CAD Schroer customer portal

Kind Regards
Your CAD Schroer Team