log4j Vulnerabilities - question

lindamitchell
New Contributor

Could you please update my folks about log4j vulnerabilities?  Will the new patch cover these concerns? 

These are some of the locations the vulnerability scanner tagged.  There may be others that the scanner didn't report.  The version of log4j either has a vulnerability or is an unsupported version.  I tried removing the specified files to mitigate the vulnerabilities.  The program no longer opens once the files are removed.  The current version of log4j that is not a vulnerability is 2.17.1 or greater.

C:\Program Files\SmartBear\ReadyAPI-2.8.2\lib\log4j-jcl-2.11.0.jar
C:\Program Files\SmartBear\ReadyAPI-2.8.2\lib\log4j-jul-2.11.0.jar
C:\Program Files\SmartBear\ReadyAPI-2.8.2\lib\log4j-core-2.11.0.jar
C:\Program Files\SmartBear\ReadyAPI-2.8.2\lib\log4j-slf4j-impl-2.11.0.jar
C:\Program Files\SmartBear\ReadyAPI-2.8.2\lib\log4j-api-2.11.0.jar

C:\Users\1189937160E\AppData\Local\SmartBear\ReadyAPI-3.6.0\lib\log4j-jcl-2.11.0.jar
C:\Users\1189937160E\AppData\Local\SmartBear\ReadyAPI-3.6.0\lib\log4j-jul-2.11.0.jar
C:\Users\1189937160E\AppData\Local\SmartBear\ReadyAPI-3.6.0\lib\log4j-core-2.11.0.jar

Mark E. Miller, Contr, USAF

AFMC/HIHO

Comm. (210) 565-1172 DSN 665-1172

mark.miller.42.ctr@us.af.mil

Diversified Technical Services, Inc (DTSI)

www.dtsi.com

(210) 341-1980
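
The triage described in the post above (scanner-reported jar paths checked against the 2.17.1 floor it names), as an added example that is not part of the original thread and not SmartBear's code. The function names and the sample list are assumptions made for illustration; stale jars are grouped by install directory, since the post reports that deleting them breaks the program and the remedy is per install.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

FIXED = (2, 17, 1)  # lowest log4j version the post treats as not vulnerable

# log4j 2.x artifacts are named log4j-<module>-<version>.jar. The file name is
# only a hint: renamed jars or copies nested in other archives are not seen here.
JAR_RE = re.compile(r"^(log4j-[a-z0-9-]+?)-(\d+(?:\.\d+)*)\.jar$", re.I)

def parse_jar(path):
    """Return (artifact, version_tuple) for a log4j 2.x jar path, else None."""
    m = JAR_RE.match(PureWindowsPath(path).name)
    if not m:
        return None
    return m.group(1).lower(), tuple(int(n) for n in m.group(2).split("."))

def triage(paths, fixed=FIXED):
    """Group jars older than `fixed` by the install directory that ships them."""
    stale = defaultdict(list)
    for p in paths:
        parsed = parse_jar(p)
        if parsed is None:
            continue
        artifact, version = parsed
        padded = version + (0,) * (len(fixed) - len(version))  # 2.17 -> 2.17.0
        if padded < fixed:
            install = PureWindowsPath(p).parent.parent.name  # <install>\lib\x.jar
            stale[install].append(f"{artifact} {'.'.join(map(str, version))}")
    return {k: sorted(v) for k, v in stale.items()}

# Constructed scanner output: the first two paths are from the post, the rest
# are made up (placeholder user name, a 3.41.0 install, an unrelated jar).
SAMPLE = [
    r"C:\Program Files\SmartBear\ReadyAPI-2.8.2\lib\log4j-core-2.11.0.jar",
    r"C:\Program Files\SmartBear\ReadyAPI-2.8.2\lib\log4j-api-2.11.0.jar",
    r"C:\Users\example\AppData\Local\SmartBear\ReadyAPI-3.6.0\lib\log4j-jul-2.11.0.jar",
    r"C:\Program Files\SmartBear\ReadyAPI-3.41.0\lib\log4j-core-2.17.1.jar",
    r"C:\Program Files\SmartBear\ReadyAPI-3.41.0\lib\commons-io-2.6.jar",
]

if __name__ == "__main__":
    for install, jars in triage(SAMPLE).items():
        print(install, "->", ", ".join(jars))
```
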

3 REPLIES
KarelHusa
Super Contributor

@lindamitchell,

current ReadyAPI version 3.41.0 contains log4j 2.17.1.

Karel@apimate.eu
https://apimate.eu

Yes, thank you.  That is the version to which I was referring.  So I have asked my tech guy to go look at that and see if the problems have been fixed now. . . he will let me know probably next week but in the meantime, he said it would be fine to ask the questions that he had shared with me earlier, because maybe the version 3.41.0 will not address all of that.  Appreciate your willingness to help!

@lindamitchell, do you have any other concerns about ReadyAPI, except the log4j version?

Karel@apimate.eu
https://apimate.eu