Forum Discussion

stevelsmith's avatar
stevelsmith
New Contributor
3 years ago

SoapUI 5.5.0 Log4j vulnerability

Hi,

 

We are running Soap 5.5.0 ( currently not sure if this just a free version or a paid version)  with log4j-1.2.14.jar can you tell me if a update is going to be released that resolves the Log4j vulnerability

 

I believe that as this is only an application the risk are minimal but as a precaution we have renamed the file so that soapui cannot be run.

 

I note that Apache have released 2.16  jar file are we able to use this release to replace the current version  or will their be a patch being released?

 

Many thanks 

 

Steve

    • Sudheshnarao3's avatar
      Sudheshnarao3
      New Member

      Hi There, I'm after the same issue and our organization also have version SoapUI 5.5.0. So do you recommend to download the 5.6.1 version you've mentioned to get the vulnerability issue fixed? or Do we need to wait for you to release a version which fixed the Log4j vulnerability?

      • stevelsmith's avatar
        stevelsmith
        New Contributor

        Hi,

         

        I believe that we have to wait as the jar released by Apache is for apache servers so if you were to copy the file into the Soapui application it would not pick it up. We have renamed the jar file to stop the application working at the moment.

         

        Steve 

    • stevelsmith's avatar
      stevelsmith
      New Contributor

      HI,

       

      Do you have an update, I see online that even 2.16 is not a fix as they have released 2.17.

       

      Regards

       

      Steve