Log4j vulnerability (CVE-2025-68161)

Question

Hi everyone,I’ve tested the latest version of SoapUI (v5.9.1) and noticed that it is still using Log4j v2.17.1Could you please confirm whether there are plans to upgrade the Log4j component to a newer version, and if so, whether an estimated timeline is available?Thank you!

yousaf · Answer

Hi Oneagh,&nbsp;I raised this with the team and we will be addressing the in the next SoapUI release 5.10.0Appreciate you raising this, we can't provide a timeline, but rest assured it will be includedCheers,Yousaf

securebear532 · Answer

Hi Yousaf!What mitigation would you recommend for version 5.9.1 regarding this issue?&nbsp;

Forum Discussion

Log4j vulnerability (CVE-2025-68161)

2 Replies

Recent Discussions

SoapUI - Apache Commons FileUpload (CVE-2025-48976)(High)

Log4j vulnerability (CVE-2025-68161)

Signature\Encryption tags missing in Security Header

Related Content

Log4J vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?

SoapUI 5.5.0 Log4j vulnerability