SoapUI 5.5.0 Log4j vulnerability
We are running Soap 5.5.0 ( currently not sure if this just a free version or a paid version) with log4j-1.2.14.jar can you tell me if a update is going to be released that resolves the Log4j vulnerability
I believe that as this is only an application the risk are minimal but as a precaution we have renamed the file so that soapui cannot be run.
I note that Apache have released 2.16 jar file are we able to use this release to replace the current version or will their be a patch being released?
Solved! Go to Solution.
Hi @stevelsmith ! Our development team is aware of this issue and we're currently working on fixing it. Very soon we will deliver a hot fix release. Please see this pull request https://github.com/SmartBear/soapui/tree/release-5.6.1 for more details.
Community and Education Specialist
Hi There, I'm after the same issue and our organization also have version SoapUI 5.5.0. So do you recommend to download the 5.6.1 version you've mentioned to get the vulnerability issue fixed? or Do we need to wait for you to release a version which fixed the Log4j vulnerability?
I believe that we have to wait as the jar released by Apache is for apache servers so if you were to copy the file into the Soapui application it would not pick it up. We have renamed the jar file to stop the application working at the moment.