Forum Discussion

MarkJohnsonekl

New Contributor

4 years ago

Solved

Will SoapUI 5.6.1 be modified to download log4j 2.17.0?

It seems to download 2.16.0 now, which is not acceptable to our security team.

MarkJohnsonekl
4 years ago
I see form another post that SoapUI OS 5.7.0 is being developed, and will include Log4J 2.17.0. This issue can be closed

richie

Community Hero

4 years ago

Hey MarkJohnsonekl

v2.16 of the log4j files are the ones that have had that security hole plugged. Are you saying your security team wont allow v2.16 log4j files?

Cheers,

Rich

MarkJohnsonekl

New Contributor

4 years ago

My understanding is that 2.16.0 resolved the critical vulnerability that was introduced by 2.14, but - since then - vulnerabilities were discovered in 2.16.0, and one of these has been classified as critical. The known vulnerabilities that exist in 2.16.0 are mediated by 2.17.0. So, our organization only considers 2.17.0 an acceptable remediation.

Forum Discussion

Will SoapUI 5.6.1 be modified to download log4j 2.17.0?

Recent Discussions

Malfunction changing between multiple screens

How do I add a REST query string without the 'name='

Rest step assertions written in SoapUI 5.5.0 are failing in SoapUI 5.8.0

Related Content

Upgrade SoapUI 5.6.1 from log4j 2.16.0 to 2.17.0

Download an Earlier Version of TestComplete

TestComplete - Interact with the Chrome download bar.