Most Wolfram products and systems are either not affected by the log4shell (CVE-2021-44228) zero-day vulnerability in the Java library log4j (versions 2.x with x<=14), or the vulnerability has been fully addressed in them.
Only Wolfram Enterprise Private Cloud (EPC) and Wolfram Application Server (WAS) were affected by log4shell. This vulnerability has been fully addressed in EPC Version 1.60.2 and WAS Version 1.1.2.
All product fixes also address log4j vulnerability CVE-2021-45046.
For further details on individual Wolfram products or systems, please consult the following sections.
Wolfram-hosted systems and products
All Wolfram-hosted systems and products, such as Wolfram|Alpha or Wolfram Cloud, were either not affected by these log4j vulnerabilities, or the vulnerabilities have been fully addressed in them.
Customer-hosted non-Wolfram Language products
No non-Wolfram Language Wolfram products, such as System Modeler or Wolfram’s license manager MathLM, have been affected by either log4j vulnerability.
All customer-hosted Wolfram Language products (except Enterprise Private Cloud and Application Server)
In all 13.0.1 versions of Wolfram Language products, log4j libraries have either been removed or updated to their fixed version. Current Wolfram products such as Mathematica, Wolfram|Alpha Notebook Edition, Wolfram Desktop, Wolfram Engine, Wolfram Finance Platform, Wolfram Player, gridMathematica Server or webMathematica are therefore not affected by either log4j vulnerability.
Customer-hosted Enterprise Private Cloud and Application Server
Enterprise Private Cloud and Application Server were affected by log4shell. A workaround to mitigate the issue has been communicated to all affected customers. The vulnerability has been fully addressed in EPC Version 1.60.2 and WAS Version 1.1.2.