This article covers the following topics:
We have examined the April 2022 JAVA CVE vulnerability and would like to report that Solibri Solution Center is not affected by this vulnerability. Regarding Solibri Desktop, we have taken measures, such as updating our Java library to the latest version of Java 17. This update is available in the form of a hotfix in Solibri v9.12.9 (released on 03/05/22) and can be downloaded from Solibri Solution Center. For our Solibri Subscription customers, the download is available on the My downloads page. We strongly suggest always using the latest version of Solibri to ensure that the newest security measures are up to date. We continue to follow the situation if more information or other vulnerabilities are reported.
We have examined the March 2022 JAVA Spring RCE vulnerability and would like to report that Solibri Solution Center is not affected by this vulnerability. Supported versions of Solibri Desktop are also secure.
However, we have taken additional measures such as updating our spring library in Solibri v9.12.9, and we strongly suggest always using the latest version of Solibri to ensure that the newest security measures are up to date. We continue to follow the situation if more information or other vulnerabilities are reported.
We have examined the vulnerability internally and would like to report that supported versions of Solibri Desktop, as well as Solibri Solution Center, are not affected by this vulnerability. In practice, this means that Solibri customer and user data is safe. We strongly suggest always using the latest version of Solibri to ensure that the newest security measures are up to date. We continue to follow the situation if more information or other vulnerabilities are reported. Detailed information about Apache Log4j is available here.