MES Support Center Im Zentrum der Entwicklung.

MES log4j Security Information

According to our security review none of our MES applications have been affected by CVE-2021-44228.

The implemented versions of log4j are not affected, JNDI/JMS Appender are not in use.
Please find all details for previous tool versions below. All newer tool version are not affected. We recommend using Flexnet Publisher (FNP) version 11.19.1 for all license server installations. You can download the MES FNP package here.

Product Version Desktop Application Server Application Background CVE-2021-44228
Log4j 2.0-beta9 to 2.14.1
Flexnet Publisher 11.14.0
11.16.4
11.17.0.0
11.17.1
  x Log4j Version 1.X Not affected
  11.18.3.0   x Log4j Version 2.15.X May affected
  11.18.3.1
11.19.1
  x Log4j Version 2.17.0 Not Affected
MXAM 4.X – 7.X x   Log4j Version 1.2.16 Not affected
  From 8.0 x   Log4j Version 2.17.1 Not affected
MTest 5.0 – 7.7 x   Log4j Version 1.2.15 Not affected
MES Plugin for Jenkins 1.0 – 2.0   x No individual logger in use Not affected
MXRAY 2.0 - 4.3 x   No individual logger in use Not affected
MoRe 1.0-2.X x   No individual logger in use Not affected