SOAPUI log4J vulnerability

Question

We upgraded to 5.7 however our scans are still flagging a security issue with LOG4J. I thought 5.7 would have corrected this as the release notes indicate the new jar files are included. I physically checked the server and I do in fact see the log4j-1.2.15 and not the 2.17 versions. Any advice?

Path : C:\Program Files\SmartBear\SoapUI-5.7.0\hermesJMS\lib\log4j-1.2.15.jar

Installed version : 1.2.15

onagash · Answer

I´m facing the same case.Is it possible to replace the log4j file manually for a latest version without issue?

Forum Discussion

SOAPUI log4J vulnerability

1 Reply

Related Content

Log4J vulnerability

SoapUI 5.5.0 Log4j vulnerability

Log4j Vulnerability - Swagger

log4j security vulnerability

ReadyAPI-3.3.1 log4j vulnerable?

Recent Discussions

XQuery assertions are broken with SoapUI 5.6.0

Soapui 5.7.1 dependency : thoughtworks:xstream:jar:1.4.20

How to configure Swagger in Paas to use it in Oracle APEX instance.

clone TestSuite fails when there are more project with the same name

getting exception while running SOAP UI REST project from CMD: java.lang.NullPointerException: