Trados Studio
Trados Live Essential/Live Team/Enterprise
Trados GroupShare
Trados Business Manager
Passolo
MultiTerm
RWS AppStore
Connectors
Beta Groups
Managed Translation
MultiTrans
TMS
WorldServer
Language Weaver
Language Weaver Connectors
Language Weaver Edge
Tridion Docs
Tridion Sites
LiveContent S1000D
XPP
Language Developers
Tridion Docs Developers
Community Help
RWS User Experience
Internal Trados Ideas Community
Mercury
RWS Community Internal Group
RWS Professional Services
RWS Training & Certification
Style Guides
RWS Campus
RWS Enterprise Technology Partners
Trados Approved Trainers
XyUser Group
ETUG (European Trados User Group) Public Information
Nordic Tridion Docs User Group
Tridion UK Meetup
Tridion West Coast User Group
Trados Studio Ideas
Trados GroupShare Ideas
Trados Live Team Ideas
Trados Live Essential Ideas
Trados Live Terminology Ideas
Trados Enterprise Ideas
Trados Online Editor Ideas
Trados Business Manager Ideas
MultiTerm Ideas
Passolo Ideas
RWS Appstore Ideas
Tridion Docs Ideas
Tridion Sites Ideas
Language Weaver Ideas
Language Weaver Edge Ideas
Managed Translation - Enterprise Ideas
TMS Ideas
WorldServer Ideas
LiveContent S1000D Ideas
Contenta S1000D
XPP Ideas
Events & Webinars
To RWS Support
Detecting language please wait for.......
Dear clients,
A critical vulnerability was discovered in Log4j, a widely used Apache logging framework. This library is used in applications worldwide, including MultiTrans, which is vulnerable to exploitation of this Apache bug.
We encourage all customers to mitigate the risk immediately as follows.
Steps to mitigate this vulnerability:
<?xml version="1.0" encoding="UTF-8" ?> <Configuration status="WARN" monitorInterval="30"> <Appenders> <Async name="loadTimeLogAsync"> <AppenderRef ref="loadTimeLog" /> </Async> <!-- FlowLogAppender --> <RollingFile name="FlowLogAppender" fileName = "logs/flow_log.log" filePattern="logs/flow_log-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <pattern>%d{ABSOLUTE} [%5p] [%5tid] (%F:%L) - %m{nolookup}%n</pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile > <!-- FlowAllLogAppender --> <RollingFile name="FlowAllLogAppender" fileName = "logs/flow_all_log.log" filePattern="logs/flow_all_log-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <pattern>%d{ABSOLUTE} [%5p] [%5tid] (%F:%L) - %m{nolookup}%n</pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile > <!-- Standard out appender --> <Console name="stdout" target="SYSTEM_OUT"> <PatternLayout> <Pattern>%d{ABSOLUTE} [%5p] [%5tid] (%F:%L) - %m{nolookup}%n</Pattern> </PatternLayout> </Console> <!-- Hibernate appender --> <RollingFile name="hibernateDefault" fileName = "logs/Hibernate.log" filePattern="logs/Hibernate-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <Pattern>%d{ABSOLUTE} %5p %F:%L - %m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- Metrics appender --> <RollingFile name="metrics" fileName = "logs/Metrics.log" filePattern="logs/Metrics-%d{yyyy-MM-dd_HHmm}.log.gz" append = "true"> <PatternLayout> <Pattern>%d{yyyy/MM/dd HH:mm:ss.SSS},%m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- External Web Service appender --> <RollingFile name="externalWebService" fileName = "logs/ExternalWebService.log" filePattern="logs/ExternalWebService-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <Pattern>%d{ABSOLUTE} %5p %F:%L - %m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- Sessions appender --> <RollingFile name="sessionLog" fileName = "logs/SessionLog.log" filePattern="logs/SessionLog-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <Pattern>%m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- System Settings appender --> <RollingFile name="systemSettingsLog" fileName = "logs/SystemSettingsLog.log" filePattern="logs/SystemSettingsLog-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <Pattern>"%d{yyyy/MM/dd HH:mm:ss} - %m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- Flow API appender --> <RollingFile name="flowApiLog" fileName = "logs/FlowAPI.log" filePattern="logs/FlowAPI-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <Pattern>%d{yyyy/MM/dd HH:mm:ss} : %m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- C3P0 appender --> <RollingFile name="c3p0Log" fileName = "logs/c3p0.log" filePattern="logs/c3p0-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <Pattern>%d{yyyy/MM/dd HH:mm:ss} : %m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- Access / Load Time appender --> <RollingFile name="loadTimeLog" fileName = "logs/UsageLog.log" filePattern="logs/UsageLog-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <Pattern>%d{yyyy/MM/dd HH:mm:ss} : %m{nolookup}%n</Pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile> <!-- FlowLogAppender --> <RollingFile name="FlowMailLogAppender" fileName = "maillog/flow_mail_log.log" filePattern="logs/flow_mail_log-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <pattern>%d{ABSOLUTE} [%5p] [%5tid] (%F:%L) - %m{nolookup}%n</pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile > <!-- SIGMALogAppender --> <RollingFile name="SIGMALogAppender" fileName = "logs/sigma.log" filePattern="logs/sigma-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <pattern>%d{ABSOLUTE} [%5p] [%5tid] (%F:%L) - %m{nolookup}%n</pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile > <!-- SIGMALogAppender for QA --> <RollingFile name="SIGMALogAppenderQA" fileName = "C:\inetpub\wwwroot\sigma.htm" filePattern="logs/sigma-%d{yyyy-MM-dd_HHmm}.log.gz" > <PatternLayout> <pattern>%d{ABSOLUTE} [%5p] [%5tid] (%F:%L) - %m{nolookup}%n</pattern> </PatternLayout> <Policies> <CronTriggeringPolicy schedule="0 0 0 * * ?"/> </Policies> </RollingFile > </Appenders> <Loggers> <!-- Hibernate loggers --> <Logger name="org.hibernate" additivity="false" level ="error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.hql.ast.AST" additivity="false" level ="error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.SQL" additivity="false" level = "error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.type" additivity="false" level = "error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.tool.hbm2ddl" additivity="false" level = "error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.hql" additivity="false" level = "error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.cache" additivity="false" level = "error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.transaction" additivity="false" level = "error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="org.hibernate.jdbc" additivity="false" level = "error" > <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Hibernate: Treecache logger --> <Logger name="org.jgroups.JChannelFactory" additivity="false" level = "error"> <AppenderRef ref="hibernateDefault" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Metrics logger --> <Logger name="com.beetext.flow2.metrics" additivity="false" level = "INFO"> <AppenderRef ref="metrics" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- External Web Service logger --> <Logger name="com.beetext.flow2.util.RequestUtil$ExternalWebServiceNotificationRunnable" additivity="false" level = "DEBUG"> <AppenderRef ref="externalWebService" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name="com.beetext.flow2.external.ws.externalSystem" additivity="false" level = "DEBUG"> <AppenderRef ref="externalWebService" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Sessions logger --> <Logger name="com.beetext.flow2.service.usagelog.SessionLogManager" additivity="false" level = "DEBUG"> <AppenderRef ref="sessionLog" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- System Settings logger --> <Logger name="com.beetext.flow2.util.FlowSystemSettingsLog" additivity="false" level = "DEBUG"> <AppenderRef ref="systemSettingsLog" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Flow API logger --> <Logger name="com.beetext.flow2.external.ws.FlowRequest" additivity="false" level = "ERROR"> <AppenderRef ref="flowApiLog" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Flow external REST API --> <Logger name="com.beetext.flow2.servlet.restexternal" additivity="false" level = "ERROR"> <AppenderRef ref="flowApiLog" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- C3P0 logger --> <Logger name="com.mchange" additivity="false" level = "INFO"> <AppenderRef ref="c3p0Log" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Access / Load Time appender --> <Logger name="com.beetext.flow2.metrics.usage.UsageMonitor" additivity="false" level ="INFO"> <AppenderRef ref="loadTimeLogAsync" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Unit / Integration tests logger --> <Logger name="com.beetext.flow2.test.IntegrationTestSuite" additivity="false" level = "INFO"> <AppenderRef ref="stdout" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <!-- Swagger --> <Logger name="io.swagger" additivity="true" level = "info"> <AppenderRef ref="stdout" /> </Logger> <!-- Reflections --> <Logger name="org.reflections" additivity="true" level = "info"> <AppenderRef ref="stdout" /> </Logger> <Logger name = "com.beetext.flow2.util.FlowMailLog" additivity="true" level="INFO"> <AppenderRef ref ="FlowMailLogAppender" /> <AppenderRef ref="FlowAllLogAppender" /> </Logger> <Logger name = "com.beetext.flow2.servlet.rest.sigma" additivity="true" level="DEBUG"> <AppenderRef ref ="SIGMALogAppender" /> <AppenderRef ref ="SIGMALogAppenderQA" /> </Logger> <Logger name = "com.beetext.flow2.api.java.service.sigma" additivity="true" level="DEBUG"> <AppenderRef ref ="SIGMALogAppender" /> <AppenderRef ref ="SIGMALogAppenderQA" /> </Logger> <Logger name = "com.beetext.flow2.external.client.rest.sigma" additivity="true" level="DEBUG"> <AppenderRef ref ="SIGMALogAppender" /> <AppenderRef ref ="SIGMALogAppenderQA" /> </Logger> <Logger name = "com.beetext.flow2.data.sigma" additivity="true" level="DEBUG"> <AppenderRef ref ="SIGMALogAppender" /> <AppenderRef ref ="SIGMALogAppenderQA" /> </Logger> <!-- Standard out logger --> <Root level = "INFO"> <AppenderRef ref="stdout" /> <AppenderRef ref="FlowLogAppender" /> <AppenderRef ref="FlowAllLogAppender" /> </Root> </Loggers> </Configuration>
You can validate that the above steps were successful by monitoring the log file at C:\Program Files\Donnelley\MultiTrans Flow 64\runtime\logs\error.log. The following will appear:
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dlog4j2.formatMsgNoLookups=true
This configuration change will be added by default to the January release of MultiTrans 7.0, therefore following that release, MultiTrans will not be susceptible to this exploit. The Java framework in MultiTrans will also be upgraded in the January release for security purposes.
The Log4J library will be updated in a future release of MultiTrans, following a full investigation of the ramifications of this upgrade.
We apologize for any inconvenience this may cause.
The MultiTrans Product Team
Hi Shirley, thank you for this information. So this only affects Flow - we don't need to do anything if we have MultiTrans without Flow, do you confirm?
Thank you and happy holidays,
Donatella
Hi Donatella,
Yes, MultiTrans without Flow is not affected by this issue.
Happy Holidays!!
Regards,
Happy Holidays Donatella!