Contributions
Re: Is SoapUI affected by Log4j Vulnerability? If yes, what are the actions required for permanent fix?
Just received a notification and I don't think I ever reported back on this. We decided to remove the Hermes JMS component on our Terminal Servers since it's unsupported. Due to this and the upgrade we were able to clear all the Log4J vulnerabilities involving SOAPUI. Thanks for the guidance!.442Views0likes0CommentsRe: Is SoapUI affected by Log4j Vulnerability? If yes, what are the actions required for permanent fix?
Thanks Karel! That is what we found yesterday while troubleshooting and removing the component is the path we are taking. So since it's unsupported there is no plan for a fix specific to the HermesJMS component correct?2.9KViews0likes3CommentsSOAPUI log4J vulnerability
We upgraded to 5.7 however our scans are still flagging a security issue with LOG4J. I thought 5.7 would have corrected this as the release notes indicate the new jar files are included. I physically checked the server and I do in fact see the log4j-1.2.15 and not the 2.17 versions. Any advice? Path : C:\Program Files\SmartBear\SoapUI-5.7.0\hermesJMS\lib\log4j-1.2.15.jar Installed version : 1.2.15556Views2likes1CommentRe: Is SoapUI affected by Log4j Vulnerability? If yes, what are the actions required for permanent fix?
We upgraded to 5.7 however our scans are still flagging a security issue with LOG4J. I thought 5.7 would have corrected this...Any advice? Path : C:\Program Files\SmartBear\SoapUI-5.7.0\hermesJMS\lib\log4j-1.2.15.jar Installed version : 1.2.153KViews0likes5Comments