问题描述
After installing COMSOL 6.3 my security scan gives a log4j warning pointing to
C:\Program Files\COMSOL\COMSOL63\Multiphysics\license\win64\lmadmin\examples\alerter\lib\log4j-core-2.17.0.jar
解决方法
COMSOL Version 6.3 is not vulnerable itself. The package indicated in the warning belongs to a third-party tool,lmadmin, which is an alternate tool for license handling that is not used by default. According to thelmadmindevelopers this license handling tool should not be exposed to this vulnerability. Please seeCVE-2021-44832 Log4j vulnerability impact on FlexNet Publisherfor more information.
If you are not usinglmadminas the license handling tool on your computer, you can safely remove the entirelmadmindirectory. If you are usinglmadminon your computer, you can remove thelmadmin\examplesdirectory instead. However, if you are using the alerter functionality inlmadmin, you need to keep the directory and patch the log4j files according to the workaround explained inVulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher.
COMSOL 尽一切合理的努力验证您在此页面上查看的信息。本页面提供的资源和文档仅供参考,COMSOL 对其有效性不作任何明示或暗示的声明。COMSOL 对所披露数据的准确性不承担任何法律责任。本文档中引用的任何商标均为其各自所有者的财产。有关完整的商标详细信息,请参阅产品手册。