Does SoapUI 5.6.0 has log4j vulnerability?

Question

I have installed SoapUI 5.6.0 and it does have "log4j-1.2.14.jar" file present at SmartBear\SoapUI-5.6.0\lib location.

Does this file have vulnerability? Log4J file < 2.15 is vulnerable. So, Can you share if there is any patch or fix for the same or if there is any new version available to install which does not have this vulnerability?

Thanks,

Jazzy

tanyayatskovska · Accepted Answer

Hi,
We were said that there will be an updated release of SoapUI OS in the coming days. Please see this pull request&nbsp;https://github.com/SmartBear/soapui/tree/release-5.6.1&nbsp;for more details.&nbsp;

hkosova · Answer

SoapUI 5.7.0 has been released:
https://github.com/SmartBear/soapui/releases
&nbsp;
It uses Log4j 2.17.1.

gsobhani · Answer

Hi Tanya,&nbsp;Any update ? When will the version v.5.7.0 be released ?&nbsp;&nbsp;Thank you

markreichard · Answer

A scan of a fresh install of version 5.7.0 shows a log4j vulnerability because HermesJMS is using log4j version&nbsp;1.2.15.&nbsp; Is there an update that includes no old versions of log4j?

techguy24 · Answer

I see the new update was released. However, it contains 2.16 which is not secure either. Will 2.17 be released soon?

tanyayatskovska · Answer

Hi,
SmartBear is closely monitoring and analyzing Apache guidance related to the Log4j2 Remote Code Execution (RCE) Vulnerabilities stemming from CVE-2021-44228 and associated vulnerabilities. Please follow this page for more information:
https://smartbear.com/security/cve-2021-44228/

Forum Discussion

Does SoapUI 5.6.0 has log4j vulnerability?

11 Replies

Related Content

SoapUI 5.6.0 won't start

Log4J vulnerability

Log4j Vulnerability - Swagger

log4j security vulnerability

ReadyAPI-3.3.1 log4j vulnerable?

Recent Discussions

SoapUI OSS apidocs are outdated in April 2024

log4j1.x vulnerability

How to upload a file via SOAP, as an attachment using python zeep

Soapui 5.7.1 dependency : thoughtworks:xstream:jar:1.4.20

How to configure Swagger in Paas to use it in Oracle APEX instance.