Forum Discussion

ruchisingh's avatar
ruchisingh
New Contributor
2 months ago

log4j1.x vulnerability

Hello Team,

We use SOAP UI  5.1.13 version , it comes with log4j 1.x version, As this version of log4j is EOL can you please confirm what is the remediation procedure we need to follow.

Thanks,

Ruchi

  • Humashankar's avatar
    Humashankar
    28 days ago

    Hi ruchisingh 

    The recommended solution to address this vulnerability is to upgrade to a newer version of SoapUI that utilizes Log4j 2.x or later. Since Log4j 1.x has reached its end-of-life, it no longer receives security updates, making it susceptible to various exploits.

    While Log4j 1.x is not directly affected by CVE-2021-44228, upgrading to a newer version will ensure you have the latest security patches and mitigations.

    Hope this helps - Happy to help further!!
    Thank you very much and have a great one!
    Warm regards

  • Humashankar's avatar
    Humashankar
    Champion Level 3
    28 days ago

    Hi ruchisingh 

    The recommended solution to address this vulnerability is to upgrade to a newer version of SoapUI that utilizes Log4j 2.x or later. Since Log4j 1.x has reached its end-of-life, it no longer receives security updates, making it susceptible to various exploits.

    While Log4j 1.x is not directly affected by CVE-2021-44228, upgrading to a newer version will ensure you have the latest security patches and mitigations.

    Hope this helps - Happy to help further!!
    Thank you very much and have a great one!
    Warm regards