Wolfram Computation Meets Knowledge

Does log4shell affect Wolfram products?

Summary

Most Wolfram products and systems are either not affected by the log4shell (CVE-2021-44228) zero-day vulnerability in the Java library log4j in versions 2.x with x<=14 or it has been fully addressed in them.

Only Wolfram Enterprise Private Cloud (EPC) and Wolfram Application Server (WAS) were affected by log4shell. This vulnerability has been fully addressed in EPC Version 1.60.2 and WAS Version 1.1.2.

All product fixes also address log4j vulnerability CVE-2021-45046.

For further details on individual Wolfram products or systems, please consult the following sections.

Wolfram-hosted systems and products

All Wolfram-hosted systems and products such as Wolfram|Alpha or Wolfram Cloud were either not affected or these log4j vulnerabilities have been fully addressed in them.

Customer-hosted non-Wolfram Language products

No non-Wolfram Language Wolfram products, such as System Modeler or Wolfram’s license manager MathLM, have been affected by either log4j vulnerability.

All customer-hosted Wolfram Language products
(except Enterprise Private Cloud and Application Server)

In all 13.0.1 versions of Wolfram Language products, log4j libraries have either been removed or updated to their fixed version. Current Wolfram products such as Mathematica, Wolfram|Alpha Notebook Edition, Wolfram Desktop, Wolfram Engine, Wolfram Finance Platform, Wolfram Player, gridMathematica Server or webMathematica are therefore not affected by either log4j vulnerability.

Customer-hosted Enterprise Private Cloud and Application Server

Enterprise Private Cloud and Application Server were affected by log4shell. A workaround to mitigate the issue has been communicated to all affected customers. It has been fully addressed in EPC Version 1.60.2 and WAS Version 1.1.2.

该文档是否有帮助?

任何建议?

非常感谢您的反馈!

提交

联系支持团队

从账单到产品激活,以及任何技术相关内容,无论您遇到任何问题,我们都在此为您提供帮助。

1-800-WOLFRAM (+1-217-398-0700 美国境外用户)

客服支持

周一至周五
8am–5pm 美国中部时区

  • 产品注册或激活
  • 预售信息和订单
  • 安装帮助和首次启动

高级技术支持 (面向特定用户)

周一至周四
8am–7pm 美国中部时区

周五
8:30–10am & 11am–5pm 美国中部时区

  • 优先技术支持
  • Wolfram 专家助理专员
  • Wolfram 语言编程帮助
  • 高级安装支持