Problem Description
Does the COMSOL software contain the Apache Log4j 2.x library and, if so, is it affected by known security vulnerabilities in it?
Solution
Summary
The following COMSOL software include the Apache Log4j 2.x library:
- COMSOL Multiphysics
- COMSOL Server
- COMSOL Model Manager Server (with managed search index servers)
COMSOL strives to keep third-party software up-to-date in update releases. It is not possible to update the bundled Apache Log4j 2.x software manually. See below for more information about known Apache Log4j 2.x security vulnerabilities.
Security vulnerabilities
The Apache Logging Services security team lists known vulnerabilities on the Apache Logging Services Security page.
Not all security vulnerabilities of the Apache Log4j 2.x library apply to the COMSOL software, since the COMSOL software does not use all the Apache Log4j 2.x functionality and may not enable the affected features. In fact, COMSOL software typically only uses a relatively limited subset of the Apache Log4j 2.x functionality.
At the time of release, no security vulnerabilities were known for the versions of the Apache Log4j 2.x library included with the currently supported versions of COMSOL.
Apache Log4j 2.x version
The following versions of the Apache Log4j 2.x library are included with the currently supported versions of COMSOL:
- COMSOL 6.4 Update 2:
Apache Log4j 2.25.3 - COMSOL 6.3 Update 3:
Apache Log4j 2.25.3
In general, the version of the Apache Log4j software included with a particular COMSOL software installation can be determined by inspecting the filenames of all .jar found by searching for log4j in the COMSOL installation directory. The following are the default installation directories:
- On Windows systems:
C:\Program Files\COMSOL\COMSOL64\[Product]\ - On macOS systems:
/Applications/COMSOL64/[Product]/ - On Linux systems:
/usr/local/comsol64/[product]/ - The
[Product]path segment isMultiphysicsfor COMSOL Multiphysics,Serverfor COMSOL Server, andModelManagerServerfor COMSOL Model Manager Server.
COMSOL は, 本ページに掲載されている情報の確認に合理的な努力を払っております. リソースおよびドキュメントは情報提供のみを目的としており, COMSOL はその有効性について明示的または黙示的な保証を行いません. 開示されたデータの正確性について, COMSOL は法的責任を負いません. 本文書で言及されている商標はすべて, それぞれの所有者に帰属します. 商標に関する詳細は, 製品マニュアルをご参照ください.
