phone +49 89 45637-770 |
mail Contact |
FlowCAD |
English Deutschland Schweiz Suisse Polski Czech

Log4j Update

FlowCAD Support

Log4j is a framework to log application messages in Java. In many comercial software products this is used over years as a de-facto standard. Log4j is a leading application for logging frameworks in software development. In the last days a security gap was discovered. There are log4j files in the current release of the Cadence PCB Design Software for OrCAD and Allegro 17.2 and 17.4.

How to find Log4j

If you scan your installation folder, you can see if your installed release contains these files.

These files are being used only by these applications:

  • Data management in Cadence EDM
  • In OrCAD Capture when placing external parts: Function Place > Search Providers

Update for Version 17.2

ISR Hotfix 080 is available at downloads.cadence.com. This is the recommended permanent fix for ALL 17.2 installations. This ISR removes all log4j-files. Zero-Day- and Denial-of-Service-Attacks are no longer possible.

NOTE: Apache has published log4j v2.17, but it was too late, the release Cadence ISR080 was already build. In a post process all critical log4j files were removed, so ISR080 has no more security gaps. But some virus scanner might still detect the log4j-version v2.16. In January a v2.17, based ISR081 will be released by Cadence which will bpass the scanners too. The release ISR080 will completely close the security gap and your IT will be safe. There is no reason to wait for ISR081, it just avoids false alarms.

Update for Version 17.4

The new 17.4 ISR025 was released on December 21st, 2021. It can be downloaded at support.cadence.com.

More Information from Cadence on log4j

Manual Fix for Version 16.6, 17.2 or 17.4

Please contact FlowCAD support.

Hotline

In Germany and Austria

support@FlowCAD.de
T +49 89 45637-777

In Switzerland, Liechtenstein and Vorarlberg

support@FlowCAD.ch
T +41 56 485 91 91

In Eastern Europe and South Africa

support@FlowCAD.pl
T +48 58 727 90 90

Fastviewer

Fastviewer
Fastviewer Remote-Hotline

If you work with the Windows operating system, you can use the Internet to allow our support staff to take a remote look at your screen. You load an .EXE file from Fastviewer onto your computer and you can start a private session with our technical experts. The session number can be obtained by telephone from our support staff. For customers under maintenance this service is free of charge.

» Download Client Fastviewer.exe

Open Technical Support Request

Technical support is available free of charge for customers with a valid maintenance contract with FlowCAD.