Forum Discussion

dharmitpatel316's avatar
dharmitpatel316
New Contributor
4 years ago

Log4j - CVE-2021-44228 Zero Day Vulnerability SOAP UI V5.6.0 or Lower

Hi, With SOAP UI V5.6.0 or lower, we found that under \\Smartbear\SoapUI-5.6.0\lib\ , we can find log4j-1.2.14.jar and we would like to know if this is something Smartbear is working to release a newer version of the tool which will utilize v2.15 log4j jar or remove the current version?

 

We see this in multiple scans on our computer and would like to be proactive on the approach.

 

We do see this https://community.smartbear.com/t5/SoapUI-Open-Source-Questions/Log4Shell-CVE-2021-44228/m-p/227373#M32732

however this doesn't provide much information on the standalone installation tool.

 

Thanks
Dharmit

  • AV's avatar
    AV
    SmartBear Alumni (Retired)

    Hello, dharmitpatel316,

     

    Thanks for you question. Yes, our development team is aware of this issue and we're currently working on fixing it. Very soon we will deliver a hot fix release and please trust me this is not the end. Very soon we will surprise you again 😉

     

     

     

     

    • dharmitpatel316's avatar
      dharmitpatel316
      New Contributor

      We will wait for the new SOAP UI version and then after we will accept it as a solution, until then, we would have to wait.