Faq log4j jar security issue: Difference between revisions

From Eigenvector Research Documentation Wiki
Jump to navigation Jump to search
Line 8: Line 8:
All of our products are based upon the MATLAB platform, and each installation of MATLAB includes a copy of the log4j.jar file. We recommend that you remove the Matlab-related log4j.jar file immediately.
All of our products are based upon the MATLAB platform, and each installation of MATLAB includes a copy of the log4j.jar file. We recommend that you remove the Matlab-related log4j.jar file immediately.


If you are a PLS_Toolbox user, you will find this file starting from the top level MATLAB folder under topLevelMATLABfolder/java/jarext. The Windows default location is:  
Our testing thus far indicates that removal of the Matab log4j.jar file will not affect EVRI software other than causing some error messages to appear upon the startup of MATLAB. PLS_Toolbox or compiled products (Solo, Solo+MIA, Solo_Predictor,...) should work normally as they do not depend on log4j.
  C:\Program Files\EVRI\Solo\application\java\jarext\log4j.jar.
 
If you are a PLS_Toolbox user, you will find this file starting from the top level MATLAB folder under topLevelMATLABfolder/java/jarext, for example if you are using Matlab R2020b: C:\Program Files\MATLAB\R2020b\java\jarext  
Note that under macOS and Linux, you will have to navigate inside of the application bundle for MATLAB under those platforms.
Note that under macOS and Linux, you will have to navigate inside of the application bundle for MATLAB under those platforms.


Our testing thus far indicates that removal of this file will cause some error messages upon the startup of MATLAB, but functionality otherwise remains. PLS_Toolbox or compiled products (Solo, Solo+MIA, Solo_Predictor,...) should work normally as they do not depend on log4j.
For our compiled products Solo (and variants) and Solo_Predictor, this log4j.jar file will found under the folder structure for the MATLAB Runtime engine, the location of which is operating system dependent. The file should be listed by the appropriate search tool and our limited testing thus far indicates no issues with Solo or Solo_Predictor. The default Windows location for compiled products (Solo, Solo+MIA, or Solo_Predictor) is, for example Solo_Predictor:
 
For our compiled products Solo (and variants) and Solo_Predictor, this file will found under the folder structure for the MATLAB Runtime engine, the location of which is operating system dependent. The file should be listed by the appropriate search tool and our limited testing thus far indicates no issues with Solo or Solo_Predictor. The Windows default location for compiled products (Solo, Solo+MIA, or Solo_Predictor) is, for example Solo_Predictor:
   C:\Program Files\EVRI\Solo_Predictor\application\java\jarext\log4j.jar
   C:\Program Files\EVRI\Solo_Predictor\application\java\jarext\log4j.jar
For Solo or Solo+MIA version 9.0:
For Solo or Solo+MIA version 9.0:

Revision as of 16:21, 13 December 2021

Issue:

What should I do about the log4j.jar security issue discovered in December 2021? Wikipedia

Possible Solutions:

All of our products are based upon the MATLAB platform, and each installation of MATLAB includes a copy of the log4j.jar file. We recommend that you remove the Matlab-related log4j.jar file immediately.

Our testing thus far indicates that removal of the Matab log4j.jar file will not affect EVRI software other than causing some error messages to appear upon the startup of MATLAB. PLS_Toolbox or compiled products (Solo, Solo+MIA, Solo_Predictor,...) should work normally as they do not depend on log4j.

If you are a PLS_Toolbox user, you will find this file starting from the top level MATLAB folder under topLevelMATLABfolder/java/jarext, for example if you are using Matlab R2020b: C:\Program Files\MATLAB\R2020b\java\jarext Note that under macOS and Linux, you will have to navigate inside of the application bundle for MATLAB under those platforms.

For our compiled products Solo (and variants) and Solo_Predictor, this log4j.jar file will found under the folder structure for the MATLAB Runtime engine, the location of which is operating system dependent. The file should be listed by the appropriate search tool and our limited testing thus far indicates no issues with Solo or Solo_Predictor. The default Windows location for compiled products (Solo, Solo+MIA, or Solo_Predictor) is, for example Solo_Predictor:

 C:\Program Files\EVRI\Solo_Predictor\application\java\jarext\log4j.jar

For Solo or Solo+MIA version 9.0:

 C:\Program Files\MATLAB\MATLAB Runtime\v99\java\jarext\log4j.jar

We recommend that you contact The Mathworks regarding this issue to get their official response.


Still having problems? Please contact our helpdesk at helpdesk@eigenvector.com