Forum Discussion
- richieCommunity Hero
Hey MarkJohnsonekl
v2.16 of the log4j files are the ones that have had that security hole plugged. Are you saying your security team wont allow v2.16 log4j files?
Cheers,
Rich
- richieCommunity Hero
ignore my last -I just saw the post by KarelHusa about the latest security hole for v2.16 log4j
- MarkJohnsoneklNew Contributor
My understanding is that 2.16.0 resolved the critical vulnerability that was introduced by 2.14, but - since then - vulnerabilities were discovered in 2.16.0, and one of these has been classified as critical. The known vulnerabilities that exist in 2.16.0 are mediated by 2.17.0. So, our organization only considers 2.17.0 an acceptable remediation.
- MarkJohnsoneklNew Contributor
I see form another post that SoapUI OS 5.7.0 is being developed, and will include Log4J 2.17.0. This issue can be closed
Related Content
- 4 years ago
Recent Discussions
- 15 years ago