Log4j critical vulnerability CVE-2021-44228

December 17, 2021

Apache Log4j is an open-source component that provides logging capabilities in some parts of Model RealTime. A critical security vulnerability, CVE-2021-44228, was recently discovered in it.

To keep your Model RealTime installations secure, we have released version 11.1.2021.46 iFix1, which includes Log4j version 2.15, where the vulnerability was addressed. It is available for download from FixCentral.

For version 11.0, Model RealTime 11.0 2021.16 iFix1 has been released. Please note that Eclipse 2019-06 (the version used by Model RealTime 11.0) includes Log4j 1.2.15, which is not impacted by CVE-2021-44228 but could be vulnerable to CVE-2019-17571. The recommendation is to upgrade your installation to Model RealTime 11.1 2021.46 iFix1.

For earlier versions of Model RealTime, or if you have any questions or concerns, please reach out to support.

Update from December 23, 2021.

Last week, two new vulnerabilities, CVE-2021-45046 and CVE-2021-45105, were discovered in the Apache Log4j library. Log4j version 2.16 was released first to address CVE-2021-45046, and version 2.17 followed several days later to address CVE-2021-45105.

To keep your Model RealTime deployments secure we have released the following versions

Check this technote for details and updates on Model RealTime and Log4j.

Please reach out to support if you have any questions or concerns.
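
To confirm which Log4j version an installation actually carries, the following added example (not the vendor's code or tooling) inventories Log4j jars under a directory by file name and lists which of the fixes named in this advisory each version predates. The directory argument and the jar naming patterns are assumptions, and only the 2.15 / 2.16 / 2.17 release line described above is modelled.

```python
import re
import sys
from pathlib import Path

# Fix timeline as stated in this advisory:
# (first Log4j 2.x minor release that contains the fix, CVE addressed).
FIXED_IN_2X = [(15, "CVE-2021-44228"), (16, "CVE-2021-45046"), (17, "CVE-2021-45105")]

# Assumed naming patterns: log4j-1.2.15.jar, log4j-core-2.14.1.jar, and
# Eclipse-style bundles such as org.apache.log4j_1.2.15.<qualifier>.jar.
# The log4j-1.2-api bridge jar is deliberately not matched.
JAR_RE = re.compile(
    r"log4j(?:-core)?[-_](\d+)\.(\d+)(?:\.(\d+))?(?:[._][^/\\]*)?\.jar$", re.I)

def parse_version(jar_name):
    """Return (major, minor, patch) from a Log4j jar file name, or None."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def open_cves(version):
    """CVEs from this advisory whose fix the given version does not include."""
    major, minor, _ = version
    if major == 1:
        # Log4j 1.x is not impacted by CVE-2021-44228, but the advisory
        # notes it could be vulnerable to CVE-2019-17571: flag for review.
        return ["CVE-2019-17571"]
    if major == 2:
        return [cve for fixed_minor, cve in FIXED_IN_2X if minor < fixed_minor]
    return []

def scan(root):
    """Map each Log4j jar found under root (relative path) to its open CVEs."""
    root = Path(root)
    findings = {}
    for jar in sorted(root.rglob("*.jar")):
        version = parse_version(jar.name)
        if version is not None:
            findings[str(jar.relative_to(root))] = open_cves(version)
    return findings

if __name__ == "__main__":
    # Usage: python this_script.py <installation directory>  (path is hypothetical)
    for path, cves in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: {', '.join(cves) if cves else 'includes all fixes listed here'}")
```

File names do not reveal Log4j copies repackaged inside other archives, so an empty result is not proof of absence. Treat each hit as a prompt to compare the installation against the fixed Model RealTime releases above.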