Ask a Question

SOAPUI log4J vulnerability

KeithT
Occasional Contributor

SOAPUI log4J vulnerability

We upgraded to 5.7 however our scans are still flagging a security issue with LOG4J.  I thought 5.7 would have corrected this as the release notes indicate the new jar files are included.  I physically checked the server and I do in fact see the log4j-1.2.15 and not the 2.17 versions.  Any advice? 

 

Path : C:\Program Files\SmartBear\SoapUI-5.7.0\hermesJMS\lib\log4j-1.2.15.jar

Installed version : 1.2.15

1 REPLY 1
onagash
Occasional Visitor

I´m facing the same case.

Is it possible to replace the log4j file manually for a latest version without issue?

cancel
Showing results for 
Search instead for 
Did you mean: