Does ReadyAPI 3.20 version contain log4j 2.17 ?
- 3 years ago
Hi,
New guidance was received to upgrade to Log4J version 2.17.0 on impacted systems, after additional potential exploits were found in the previously-recommended Log4J upgrade to 2.16.0. SmartBear does not use any of the config patterns that are vulnerable to these exploits.
SmartBear maintains that the Apache Log4j2 Remote Code Execution (RCE) Vulnerabilities stemming from CVE-2021-44228 and associated vulnerabilities, have been mitigated or remediated on SmartBear-managed cloud products. If you are on an on-premise version or a customized version please view the table below for current status and reach out to our support team at https://support.smartbear.com for further information and mitigation guidance.
As an overabundance of caution, SmartBear will continue to upgrade products to Log4J 2.17.0 as part of their next release.
You can check individual product statuses here https://smartbear.com/security/cve-2021-44228/