Forum Discussion

RobertC2k5's avatar
RobertC2k5
New Contributor
3 years ago

Update SoapUI to use Jetty 7.0.1 or later version to remediate XSS vulnerabilities

Hi, is there any plan to upgrade SoapUI to use Jetty 7.0.1 or later version because versions 6.x and 7.0.0 have remote XSS vulnerabilities (https://nvd.nist.gov/vuln/detail/CVE-2009-4610) that can let remote users to run arbitrary commands? Thanks

  • Sander's avatar
    Sander
    Regular Visitor

    Hi, 
    I would also like to know when an update will be available.
    Our security team will block the use of SoapUI if i do not update soon.

  • Can I get an official response from SmartBear? My organization will pull the plug on SoapUI this April 3rd if this issue is not addressed.