Menu

Log4j warning after installing COMSOL 6.3
Platform: All Platforms Versions: 6.3

Problem Description

After installing COMSOL 6.3 my security scan gives a log4j warning pointing to

C:\Program Files\COMSOL\COMSOL63\Multiphysics\license\win64\lmadmin\examples\alerter\lib\log4j-core-2.17.0.jar

Solution

COMSOL Version 6.3 is not vulnerable itself. The package indicated in the warning belongs to a third-party tool, lmadmin, which is an alternate tool for license handling that is not used by default. According to the lmadmin developers this license handling tool should not be exposed to this vulnerability. Please see CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher for more information.

If you are not using lmadmin as the license handling tool on your computer, you can safely remove the entire lmadmin directory. If you are using lmadmin on your computer, you can remove the lmadmin\examples directory instead. However, if you are using the alerter functionality in lmadmin, you need to keep the directory and patch the log4j files according to the workaround explained in Vulnerability: CVE-2021-44832 Log4j vulnerability impact on FlexNet Publisher.

Recherche par catégorie

Messages d'erreur (65)
Import (10)
Géométrie (14)
Physiques (10)
Solveur (36)
Installation (41)
Maillage (14)
Général (36)
Mécanique des structures (2)
Mécanique des fluides (1)
Post-traitement (4)
Export (1)
Dessin (1)
Informations produit (6)
Multiphysique (1)
Modèles utilisateurs (1)
Electromagnétisme (1)

COMSOL makes every reasonable effort to verify the information you view on this page. Resources and documents are provided for your information only, and COMSOL makes no explicit or implied claims to their validity. COMSOL does not assume any legal liability for the accuracy of the data disclosed. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark details.