Two Sovelia add-ons to Autodesk software are being introduced to all AU attendees this year, Sovelia Vault for Vault users and Sovelia Visualizer for Inventor users. Attending AU is free, so just click the links below to sign up.
Apache Log4j Critical Vulnerability (CVE-2021-44228) in the context of Symetri Sovelia PLM application
December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to resolve a critical remote code execution vulnerability (CVE-2021-44228) affecting versions 2.0-beta9 through 2.14.1. Apache Log4j is commonly used Java logging library with Apache Tomcat web applications.
Vulnerability details can be found from: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Sovelia Security Advisory
Sovelia PLM server
SOVELIA PLM server is not affected as it does not utilize Log4j. The Log4j library is not deployed by default with the out of the box Apache Tomcat installation that Symetri uses.
ActionServer - Batch processing component
Batch processing component called ActionServer is sometimes used as a supplementary service connected to Sovelia PLM server.
ActionServer is using Log4j. However, the used library version does not include the vulnerability mentioned above.
Other Symetri technology components around Sovelia PLM
Symetri has not identified any other SOVELIA PLM components affected by Log4j vulnerability.
Even though current versions of Sovelia PLM products are not affected by this vulnerability, Symetri always recommends its customers to keep their software up to date.
Sovelia PLM release 19.0 - Released in early 2019 – and older release of Sovelia PLM might include old version of Log4j library files. As Log4j is not used at all by Sovelia PLM server these files can be safely removed.
All releases newer than 19.0 of Sovelia PLM does not include any version of the Log4j library files.
The latest Sovelia PLM release available is 21.1.2, released on 23th Nov 2021.
If you have any questions or concerns, please contact your local account manager or the Sovelia team email@example.com.