Update SoapUI to use Jetty 7.0.1 or later version to remediate XSS vulnerabilities

Question

Hi, is there any plan to upgrade SoapUI to use Jetty 7.0.1 or later version because versions 6.x and 7.0.0 have remote XSS vulnerabilities (https://nvd.nist.gov/vuln/detail/CVE-2009-4610) that can let remote users to run arbitrary commands?&nbsp;Thanks

sander · Answer

Hi,&nbsp;I would also like to know when an update will be available.Our security team will block the use of SoapUI if i do not update soon.

t4103gf · Answer

Can I get an official response from SmartBear? My organization will pull the plug on SoapUI this April 3rd if this issue is not addressed.

gilderdale · Answer

I know some software that allows remote control likeanydeskfive nights at freddy's

Forum Discussion

Update SoapUI to use Jetty 7.0.1 or later version to remediate XSS vulnerabilities

3 Replies

Related Content

log4j vulnerability in older versions

Log4J vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?

OpenJDK Multiple Vulnerabilities

SoapUI 5.5.0 Log4j vulnerability

Recent Discussions

Encrypt passwords and master password?

SOAP Request works in SoapUI, but not in C# code

clone TestSuite fails when there are more project with the same name

Will SOAP UI 5.6.1 work with JDK 8

How to configure Swagger in Paas to use it in Oracle APEX instance.