问题描述
After installing COMSOL 6.3 my security scan gives a log4j warning pointing to
C:\Program Files\COMSOL\COMSOL63\Multiphysics\license\win64\lmadmin\examples\alerter\lib\log4j-core-2.17.0.jar
解决方法
COMSOL Version 6.3 is not vulnerable itself. The package indicated in the warning belongs to a third-party tool, lmadmin, which is an alternate tool for license handling that is not used by default. According to the lmadmin developers this license handling tool should not be exposed to this vulnerability. Please see CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher for more information.
If you are not using lmadmin as the license handling tool on your computer, you can safely remove the entire lmadmin directory. If you are using lmadmin on your computer, you can remove the lmadmin\examples directory instead. However, if you are using the alerter functionality in lmadmin, you need to keep the directory and patch the log4j files according to the workaround explained in Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher.
COMSOL 尽一切合理的努力验证您在此页面上查看的信息。本页面提供的资源和文档仅供参考,COMSOL 对其有效性不作任何明示或暗示的声明。COMSOL 对所披露数据的准确性不承担任何法律责任。本文档中引用的任何商标均为其各自所有者的财产。有关完整的商标详细信息,请参阅产品手册。