December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to resolve a critical remote code execution vulnerability (CVE-2021-44228) affecting versions 2.0-beta9 through 2.14.1. Apache Log4j is commonly used Java logging library with Apache Tomcat web applications.
Vulnerability details can be found from: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
SOVELIA PLM server is not affected as it does not utilize Log4j. The Log4j library is not deployed by default with the out of the box Apache Tomcat installation that Symetri uses.
Batch processing component called ActionServer is sometimes used as a supplementary service connected to Sovelia PLM server.
ActionServer is using Log4j. However, the used library version does not include the vulnerability mentioned above.
Symetri has not identified any other SOVELIA PLM components affected by Log4j vulnerability.
Even though current versions of Sovelia PLM products are not affected by this vulnerability, Symetri always recommends its customers to keep their software up to date.
Sovelia PLM release 19.0 - Released in early 2019 – and older release of Sovelia PLM might include old version of Log4j library files. As Log4j is not used at all by Sovelia PLM server these files can be safely removed.
All releases newer than 19.0 of Sovelia PLM does not include any version of the Log4j library files.
The latest Sovelia PLM release available is 21.1.2, released on 23th Nov 2021.
If you have any questions or concerns, please contact your local account manager or the Sovelia team info@sovelia.com.
Sovelia Days 2024 took place in Tampere, Finland again on April 16-17. This two-day event brought together around 50 Sovelia customers from all over Finland to connect, share insights and explore the latest innovations in Sovelia products.
Sovelia Days is an annual event for Symetri's Sovelia PLM and Configurator customers. This year's event took place in Tampere, Finland 18-19 April. Event brings together companies of Sovelia PLM and Sovelia Configurator to share thoughts, user experiences, and operating methods of the solutions.
Two Sovelia add-ons to Autodesk software are being introduced to all AU attendees this year, Sovelia Vault for Vault users and Sovelia Visualizer for Inventor users. Attending AU is free, so just click the links below to sign up.