Is SmartBear planning to release another version with 2.16 log4j

Question

Hellolog4j fix made in 3.10.2 with log4j 2.15 version still has its own Vulnerability.Is SmartBear planning to release another version with 2.16 log4j ?&nbsp;Thanks&nbsp;

d0ug · Accepted Answer

Hi ramaG,
&nbsp;
The Apache Log4j2 Remote Code Execution (RCE) Vulnerabilities - CVE-2021-44228 and CVE-2021-45046 have been mitigated or remediated on SmartBear-managed cloud products. If you are on an on-premise version or a customized version, please reach out to our support team at https://support.smartbear.com for further information.
&nbsp;
Apache recently announced that the fix to address CVE-2021-44228 (upgrading Log4j to at least version 2.15.0) is not complete if non-default or custom configurations are used. SmartBear products remain unaffected with this new information. SmartBear does not use the non-default configurations and the residual risk is low in using the 2.15.0 version of Log4j.
&nbsp;
Many SmartBear products are already using Log4j 2.16.0. Out of an abundance of caution, SmartBear products not already using 2.16 will update to this version during the next available release

Forum Discussion

Is SmartBear planning to release another version with 2.16 log4j

Hello

log4j fix made in 3.10.2 with log4j 2.15 version still has its own Vulnerability.

1 Reply

Related Content

Execution Plan

Execution Plan

Is there a way to link a smartbear academy account with smartbear community account?

SmartBear Academy Videos never load

SLM does not release the licence anymore

Recent Discussions

Darshan Hiranandani : Exploring ReadyAPI Integration with Azure Git

How do I prevent a file path from being altered when being parsed by JsonSlurper in Groovy Script?

How to hit update service multiple time with different data set.

Multipart requests getting blocked by the Azure WAF 200003

Parameterising JDBC Connection Settings..Can you do it?