Forum Discussion

ruchisingh's avatar
ruchisingh
New Contributor
9 months ago

log4j1.x vulnerability

Hello team,

We use SOAP UI  5.1.13 version , it comes with log4j 1.x version, As this version of log4j is EOL can you please confirm what is the remediation procedure we need to follow.

Thanks,

  • Humashankar's avatar
    Humashankar
    9 months ago

    Hi ruchisingh 

    You are right, it is known to be vulnerable.

    You can try the recommended option which is to upgrade SOAP UI to a version that uses Log4j 2.x or later. Newer versions of SoapUI are not vulnerable to the Log4j 1.x Exploit (CVE-2021-44228).

    Hope this helps - Happy to help further!!
    Thank you very much and have a great one!
    Warm regards

     

  • Humashankar's avatar
    Humashankar
    Champion Level 3
    9 months ago

    Hi ruchisingh 

    You are right, it is known to be vulnerable.

    You can try the recommended option which is to upgrade SOAP UI to a version that uses Log4j 2.x or later. Newer versions of SoapUI are not vulnerable to the Log4j 1.x Exploit (CVE-2021-44228).

    Hope this helps - Happy to help further!!
    Thank you very much and have a great one!
    Warm regards