SoapUI 5.5.0 Log4j vulnerability

SOLVED
stevelsmith
New Contributor

Hi,

We are running Soap 5.5.0 (currently not sure if this is just a free version or a paid version) with log4j-1.2.14.jar. Can you tell me if an update is going to be released that resolves the Log4j vulnerability?

I believe that, as this is only an application, the risks are minimal, but as a precaution we have renamed the file so that SoapUI cannot be run.

I note that Apache have released a 2.16 jar file. Are we able to use this release to replace the current version, or will there be a patch released?

Many thanks

Steve

5 REPLIES
sonya_m
SmartBear Alumni (Retired)

Hi @stevelsmith ! Our development team is aware of this issue and we're currently working on fixing it. Very soon we will deliver a hot fix release. Please see this pull request https://github.com/SmartBear/soapui/tree/release-5.6.1 for more details. 


Sonya Mihaljova
Community and Education Specialist

Hi there, I'm after the same issue and our organization also has version SoapUI 5.5.0. So do you recommend downloading the 5.6.1 version you've mentioned to get the vulnerability issue fixed? Or do we need to wait for you to release a version which fixes the Log4j vulnerability?

Hi,

I believe that we have to wait, as the jar released by Apache is for Apache servers, so if you were to copy the file into the SoapUI application it would not pick it up. We have renamed the jar file to stop the application working at the moment.

Steve

Hi,

Do you have an update? I see online that even 2.16 is not a fix, as they have released 2.17.

Regards

Steve

sonya_m
SmartBear Alumni (Retired)

Hi @stevelsmith and @Sudheshnarao3 , please refer to this page to get the latest updates on the subject from SmartBear: https://smartbear.com/security/cve-2021-44228/ 


Sonya Mihaljova
Community and Education Specialist
