Forum Discussion
My understanding is that 2.16.0 resolved the critical vulnerability that was introduced by 2.14, but - since then - vulnerabilities were discovered in 2.16.0, and one of these has been classified as critical. The known vulnerabilities that exist in 2.16.0 are mediated by 2.17.0. So, our organization only considers 2.17.0 an acceptable remediation.
I see form another post that SoapUI OS 5.7.0 is being developed, and will include Log4J 2.17.0. This issue can be closed
- MHutchinson3 years agoOccasional Visitor
It appears that an additional flaw was found in 2.17.0 shortly after release. The current 2.17.1 is the newest version, and is considered standard requirement for us to allow Log4J on a system.
So, is there any information showing that SoapUI 5.7.0 will distribute with 2.17.1?
- HKosova3 years agoSmartBear Alumni (Retired)
SoapUI 5.7.0 has been released:
https://github.com/SmartBear/soapui/releases
This version uses Log4j 2.17.1.
- slautier3 years agoOccasional Contributor
Hi, Soapui version 5.7.0 has a bug that's pretty annoying for us (see https://community.smartbear.com/t5/ReadyAPI-Questions/XPATH-assertion-fails-with-SoapUI-NG/m-p/115158#M36585) and we would like to version 5.6.1 (newer after 5.7.0 from what I'm seeing) but with Log4j plugin v2.17.1. Would this be supported?
Thanks for your help.
Related Content
- 4 years ago
Recent Discussions
- 15 years ago
- 12 days ago