I agree, revocable at any time, that my data is stored on a server of the .riess engineering europe gmbh or an affiliate company. My data will be stored and can be used by the .riess engineering europe gmbh or its affiliates to inform me - by telephone, fax or e-mail - about products, services or other activities.

Apache Log4J Vulnerability

Everything you need to know about our software products and Apache Log4J.

A security vulnerability regarding the Apache Log4j Java library has been communicated. Apache Log4j is affected by this vulnerability in versions 2.0 to 2.14.1. The vulnerability has been resolved with version 2.17.0.

As a trusted partner of our customers, we officially inform you about the use of the Log4j library in the software products of .riess engineering.

We have analyzed all .riess engineering software products and replaced Apache Log4j Java library with the currently recommended version if applicable.

Project-specific or customer-specific developments are excluded from this analysis.

Relevance for .riess engineering / SAP software products

.riess engineering / SAP software products affected by this vulnerability

  • SAP Engineering Control Center interface to PTC Creo
  • .riess JsConverter
  • .riess Converter
  • .riess MigrationSuite
  • .riess Plugin for cenitCONNECT EnCo 6.1

.riess engineering / SAP software products not affected by this vulnerability

  • SAP product data management integration to PTC Windchill
  • SAP PLM Integration to Pro/ENGINEER and PTC Creo
  • .riess CopyAssistant

      Availability of new versions

      SAP software products available in SAP Software Download Center

      • SAP Engineering Control Center interface to PTC Creo

      .riess engineering software products available at .riess

      • riess JsConverter
      • .riess Converter
      • .riess MigrationSuite

      .riess engineering software products available at CENIT

      • .riess Plugin for cenitCONNECT EnCo 6.1

      Notes and further ressources

      Please regard the following updated notes in the SAP One Support Launchpad and SAP Wiki SCN:

      Short-term mitigation measure

      As a short-term mitigation measure recommended by the Log4j supplier:

      • Environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS should be set to true

      Or

      • Delete JndiLookup from the classpath [APA2021b]: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

      Source: www.bsi.bund.de