
Dec. 15, 2021

In light of current circumstances, Innoface AG would like to inform you about the use of Log4j in combination with our products.


Log4j version 2


The affected versions of Log4j are: Log4j core 2.0-beta9 to 2.14.1.

PTC has switched to Log4j version 2 with the release of Windchill 12.0.2. Previous versions do not use Log4j V2.

 

IFConneX does not use any Log4j libraries of its own, only those included in Windchill.

If you are using Windchill 12.0.2, please contact your Windchill implementation partner.

 

Our product ReleaseEngine does not use Log4j version 2.



Log4j version 1


Log4j V1 concerns all Windchill versions prior to 12.0.2.

In this case, too, Innoface does not use its own Log4j libraries, only the ones installed by Windchill.


ReleaseEngine:

Innoface products ECE 1.x and RE 2.x use Log4j version 1.

Innoface does not use the JMSAppender in its software products.


According to the current status, the following applies to Log4j V1:

The vulnerability for Log4j V1 is described in CVE-2021-4104.

According to the CVE vulnerability analysis, Log4j V1 is only affected if the use of "JMSAppender" is specified in the configuration.

This is the case in neither the default configuration nor the Innoface configuration for Log4j V1. However, other project participants may also have added this setting.

We recommend checking whether the use of the JMSAppender has been configured in one of the Log4j configuration files.
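One way to carry out the recommended check, as an added example that is not Innoface or PTC code: the script below walks a directory and reports every Log4j V1 configuration file in which an appender is bound to the JMSAppender class. It assumes the configuration files use the .properties or .xml extension; the function names are chosen for this example.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

JMS_CLASS = "org.apache.log4j.net.JMSAppender"
# log4j.appender.<name>=<class>; sub-keys such as .layout do not match.
PROP_RE = re.compile(r"log4j\.appender\.([^.\s=:]+)\s*[=:\s]\s*(.*)")


def scan_properties(text):
    """Return names of appenders bound to JMSAppender in properties text."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join continuation lines
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")):  # commented-out entries do not count
            continue
        m = PROP_RE.match(line)
        if m and m.group(2).strip() == JMS_CLASS:
            hits.append(m.group(1))
    return hits


def scan_xml(text):
    """Return names of <appender> elements whose class is JMSAppender."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        # Not well-formed: fall back to a substring match for manual review.
        return ["<unparsed>"] if JMS_CLASS in text else []
    return [a.get("name", "?") for a in root.iter("appender")
            if a.get("class", "").strip() == JMS_CLASS]


def scan_tree(root):
    """Map each config file under root to the JMSAppender names it declares."""
    scanners = {".properties": scan_properties, ".xml": scan_xml}
    findings = {}
    for path in Path(root).rglob("*"):
        scan = scanners.get(path.suffix.lower())
        if scan and path.is_file():
            hits = scan(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for file, names in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{file}: JMSAppender configured as {', '.join(names)}")
```

Pass the directory that holds the Log4j configuration files as the only argument; without one, the current directory is scanned. A result of `<unparsed>` marks an XML file that could not be parsed but mentions the class, so it should be reviewed by hand.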


We will update the information on this page as it becomes available.

