Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

Will SoapUI 5.6.1 be modified to download log4j 2.17.0?

SOLVED
Solved
MarkJohnsonekl
New Contributor
‎01-05-2022 01:05 PM
‎01-05-2022 01:05 PM

Will SoapUI 5.6.1 be modified to download log4j 2.17.0?

It seems to download 2.16.0 now, which is not acceptable to our security team.

0 Kudos
7 REPLIES 7
richie
Community Hero
Community Hero
‎01-06-2022 05:22 AM
‎01-06-2022 05:22 AM

Hey @MarkJohnsonekl 

 

 

v2.16 of the log4j files are the ones that have had that security hole plugged.  Are you saying your security team wont allow v2.16 log4j files?

 

Cheers,

 

Rich

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
0 Kudos
richie
Community Hero
Community Hero
In response to richie
‎01-06-2022 05:24 AM
‎01-06-2022 05:24 AM

ignore my last -I just saw the post by KarelHusa about the latest security hole for v2.16 log4j

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
0 Kudos
MarkJohnsonekl
New Contributor
In response to richie
‎01-06-2022 06:08 AM
‎01-06-2022 06:08 AM

My understanding is that 2.16.0 resolved the critical vulnerability that was introduced by 2.14, but - since then - vulnerabilities were discovered in 2.16.0, and one of these has been classified as critical.  The known vulnerabilities that exist in 2.16.0 are mediated by 2.17.0.      So, our organization only considers 2.17.0 an acceptable remediation.   

0 Kudos
MarkJohnsonekl
New Contributor
In response to MarkJohnsonekl
‎01-06-2022 08:25 AM
‎01-06-2022 08:25 AM

I see form another post that SoapUI OS  5.7.0 is being developed, and will include Log4J 2.17.0.   This issue can be closed

MHutchinson
Occasional Visitor
In response to MarkJohnsonekl
‎01-06-2022 10:35 AM
‎01-06-2022 10:35 AM

It appears that an additional flaw was found in 2.17.0 shortly after release. The current 2.17.1 is the newest version, and is considered standard requirement for us to allow Log4J on a system.

 

So, is there any information showing that SoapUI 5.7.0 will distribute with 2.17.1?

0 Kudos
HKosova
SmartBear Alumni (Retired)
SmartBear Alumni (Retired)
In response to MHutchinson
‎01-12-2022 12:35 PM
‎01-12-2022 12:35 PM

SoapUI 5.7.0 has been released:

https://github.com/SmartBear/soapui/releases

 

This version uses Log4j 2.17.1.


Helen Kosova
SmartBear Documentation Team Lead
________________________
Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
slautier
Occasional Contributor
In response to HKosova
‎06-24-2022 05:44 AM
‎06-24-2022 05:44 AM

Hi, Soapui version 5.7.0 has a bug that's pretty annoying for us (see https://community.smartbear.com/t5/ReadyAPI-Questions/XPATH-assertion-fails-with-SoapUI-NG/m-p/11515...) and we would like to version 5.6.1 (newer after 5.7.0 from what I'm seeing) but with Log4j plugin v2.17.1. Would this be supported?

Thanks for your help.

0 Kudos
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: