Log4j is a framework to log application messages in Java. In many comercial software products this is used over years as a de-facto standard. Log4j is a leading application for logging frameworks in software development. In the last days a security gap was discovered. There are log4j files in the current release of the Cadence PCB Design Software for OrCAD and Allegro 17.2 and 17.4.
If you scan your installation folder, you can see if your installed release contains these files.
These files are being used only by these applications:
ISR Hotfix 080 is available at downloads.cadence.com. This is the recommended permanent fix for ALL 17.2 installations. This ISR removes all log4j-files. Zero-Day- and Denial-of-Service-Attacks are no longer possible.
NOTE: Apache has published log4j v2.17, but it was too late, the release Cadence ISR080 was already build. In a post process all critical log4j files were removed, so ISR080 has no more security gaps. But some virus scanner might still detect the log4j-version v2.16. In January a v2.17, based ISR081 will be released by Cadence which will bpass the scanners too. The release ISR080 will completely close the security gap and your IT will be safe. There is no reason to wait for ISR081, it just avoids false alarms.
The new 17.4 ISR025 was released on December 21st, 2021. It can be downloaded at support.cadence.com.
Please contact FlowCAD support.
T +49 89 45637-777
T +41 56 485 91 91
T +48 58 727 90 90
If you work with the Windows operating system, you can use the Internet to allow our support staff to take a remote look at your screen. You load an .EXE file from Fastviewer onto your computer and you can start a private session with our technical experts. The session number can be obtained by telephone from our support staff. For customers under maintenance this service is free of charge.» Download Client Fastviewer.exe
Technical support is available free of charge for customers with a valid maintenance contract with FlowCAD.