Forum Discussion

KeithT's avatar
KeithT
Occasional Contributor
3 years ago

SOAPUI log4J vulnerability

We upgraded to 5.7 however our scans are still flagging a security issue with LOG4J.  I thought 5.7 would have corrected this as the release notes indicate the new jar files are included.  I physically checked the server and I do in fact see the log4j-1.2.15 and not the 2.17 versions.  Any advice? 

 

Path : C:\Program Files\SmartBear\SoapUI-5.7.0\hermesJMS\lib\log4j-1.2.15.jar

Installed version : 1.2.15

  • onagash's avatar
    onagash
    Occasional Visitor

    I´m facing the same case.

    Is it possible to replace the log4j file manually for a latest version without issue?