studioSL v2021.1215 on 12/15/21

Apache log4j Vulnerabilities

  • Following our own investigation, as well as our understanding of the reported vulnerability, studioSL is not vulnerable to CVE-2021-44228 since it does not use log4j 2.x.
  • However, log4j 1.x used in studioSL has two vulnerabilities (see CVE-2021-4104 and CVE-2019-17571), which may trigger when loading configuration files. studioSL is not using these configuration files, and studioSL's default configuration is not vulnerable as an attacker would need to create logging configuration files in order to trigger them (write access would be needed from inside your organization). This update to studioSL patches all log4j 1.x versions used by studioSL.

3DSL

  1. Updated 3DSL executables and manual to 2021.1215.

3D Viewer

  1. Save shapes/annotations files in each simulation so they will be reloaded when reopening the 3D viewer.
  2. Added support for latitude/longitude coordinates in shapes/annotations files.
  3. Fixed bug when loading .dxf files.
  4. Fixed bug that sometimes caused disappearing well paths.
  5. Fixed problem with order of rendering for shapes/annotations and other 3D objects.

2D Plot

  1. Fixed inconsistencies in axes placement of different sequences in a single chart.
  2. Fixed bug on assigning colors to sequences when refreshing the plot.
  3. Fixed bug showing an empty plot when 'List Only Open at End/Anytime' flag was enabled.
  4. Typing well name to look for a well in the combobox is now working again.

General

  1. Updated Log4j 1x jars.
  2. Refactored coordinates transform support.
  3. Update schema2beans library to version 11.3.
  4. Refactored usage of arrays in JClass library.
  5. Using immutable and ordered sets/maps.
Product
studioSL
Version
v2021.1215
Created at
Last updated by Matteo Di Giovinazzo on 12/17/2021