Security Vulnerabilities in Apache Log4J 2.x

问题描述

Does the COMSOL software contain the Apache Log4j 2.x library and, if so, is it affected by security vulnerabilities found in it?

解决方法

Summary

The following COMSOL software uses the Apache Log4j 2.x library:

• COMSOL Multiphysics
• COMSOL Server
• COMSOL Model Manager Server (with managed search index servers)

COMSOL strives to keep third-party software up-to-date in update releases. It is not possible to update the Apache Log4j 2.x software manually. See below for more information about Apache Log4j 2.x security vulnerabilities.

Security vulnerabilities

The Apache Logging Services security team lists known vulnerabilities on the Apache Logging Services Security page.

Not all security vulnerabilities of the Apache Log4j 2.x library apply to the COMSOL software, since the COMSOL software does not expose all the Apache Log4j 2.x functionality. In fact, COMSOL software typically only uses a relatively limited subset of the the Apache Log4j 2.x functionality.

• CVE-2025-68161
  Assessment: Not vulnerable
  The COMSOL software does not enable the Socket Appender so the lack of TLS hostname verification in Apache Log4j 2.25.2 and below is not relevant.

Apache Log4j 2.x version

The following versions of the Apache Log4j 2.x library are included with the currently supported versions of COMSOL:

• COMSOL 6.4 update 1:
  Apache Log4j 2.24.3 and 2.17.2
• COMSOL 6.3 update 2:
  Apache Log4j 2.17.2

In general, the version of the Apache Log4j software included with a particular COMSOL software installation can be determined by inspecting the filenames of all .jar found by searching for log4j in the COMSOL installation directory. The following are the default installation directories:

• On Windows systems: C:\Program Files\COMSOL\COMSOL64\[Product]\
• On macOS systems: /Applications/COMSOL64/[Product]/t
• On Linux systems: /usr/local/comsol64/[product]/
• The [Product] path segment is Multiphysics for COMSOL Multiphysics, Server for COMSOL Server, and ModelManagerServer for COMSOL Model Manager Server.

按类别浏览

错误消息 (65)
导入 (10)
几何 (14)
物理场 (11)
求解器 (38)
安装 (42)
网格 (14)
通用 (38)
结构力学 (2)
流体动力学 (2)
后处理 (4)
导出 (1)
绘图 (1)
产品信息 (6)
多物理场 (1)
用户模型 (1)
电磁学 (1)