Solved: Is readyapi 3.10.1 affected by log4j security vuln...

kiwi23 · ‎12-12-2021

Is readyapi 3.10.1 affected by log4j security vulnerability issues? If so are we getting any new updates. ?

JoostDG · ‎12-13-2021

I also would like to have a quick answer on this from Smartbear.

From what I can see, the 2.11.0 version is used, which is part of the impacted versions (source: https://www.randori.com/blog/cve-2021-44228/) . Upgrading to 2.15.0 would be recommended.

nmrao · ‎12-13-2021

The same link your reply has how to mitigate, please refer the excerpt. So, one can update the respective scripts (such as ready-api.sh / testrunner.sh ; .bat / .cmd files for windows platform; have backup of the same scripts before updating so that if something does not work, you can rollback the file changes) under READY_HOME/bin to add the following in the JAVA_OPTS.

Regards,
Rao.

D0UG · ‎12-13-2021

SmartBear is aware of the recently disclosed security issue affecting the open-source Apache “Log4j2” utility (CVE-2021-44228). The Security team is actively working to mitigate our exposure and continue to provide enhanced monitoring of our platforms to safeguard information. Resources potentially affected by this vulnerability have been identified and our Information Technology and Information Security teams are working closely together to remediate any potential exposure in our platforms and environment.

Please check https://smartbear.com/security/cve-2021-44228/ for further updates.

-----------------------
Sr. Director, Web & Digital Experience @ SmartBear

Is readyapi 3.10.1 affected by log4j security vulnerability issues?

Is readyapi 3.10.1 affected by log4j security vulnerability issues?

How do I get Log Output in a file?

How do I show error in pop up for other test case?

set peak arriving users on loadtestrunner via cli

How to get blank when JDBC step return xml empty e...

how can I get the caller IP address to a mockservi...