log4j security vulnerability

Question

Hello SmartBear, is the Collaborator affected by&nbsp;the&nbsp;log4j&nbsp;security vulnerability issue? If so, are we getting a hotfix?

d0ug · Accepted Answer

SmartBear is aware of the recently disclosed security issue affecting the open-source Apache “Log4j2” utility (CVE-2021-44228). The Security team is actively working to mitigate our exposure and continue to provide enhanced monitoring of our platforms to safeguard information. Resources potentially affected by this vulnerability have been identified and our Information Technology and Information Security teams are working closely together to remediate any potential exposure in our platforms and environment.
&nbsp;
Please check https://smartbear.com/security/cve-2021-44228/ for further updates.

boucherm · Answer

I received a response from the Smartbear support team.Collaborator&nbsp;is&nbsp;not&nbsp;affected&nbsp;by&nbsp;CVE-2021-44228&nbsp;for&nbsp;the&nbsp;following&nbsp;reasons:-&nbsp;Collaborator&nbsp;doesn't&nbsp;run&nbsp;Apache&nbsp;Log4j2&nbsp;at&nbsp;all.&nbsp;Collaborator&nbsp;still&nbsp;uses&nbsp;the&nbsp;first&nbsp;major&nbsp;version&nbsp;of&nbsp;Log4j&nbsp;(namely&nbsp;1.2.17).-&nbsp;Due&nbsp;to&nbsp;the&nbsp;version&nbsp;incompatibility,&nbsp;Collaborator&nbsp;never&nbsp;contained&nbsp;the&nbsp;functionality&nbsp;covered&nbsp;by&nbsp;CVE-2021-44228.-&nbsp;The&nbsp;Log4j&nbsp;configuration&nbsp;of&nbsp;Collaborator&nbsp;never&nbsp;used&nbsp;the&nbsp;remote&nbsp;logging&nbsp;features&nbsp;of&nbsp;Log4j.&nbsp;

Forum Discussion

log4j security vulnerability

2 Replies

Related Content

Log4J vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?

SoapUI 5.5.0 Log4j vulnerability

ReadyAPI-3.3.1 log4j vulnerable?

Log4j Vulnerability - Swagger

Recent Discussions

Migrate Review Templates

How does a participant indicate they are finished with the current phase?

Cannot open individual projects

Changing role settings

Collaborator - Automatic Links