SoapUI 5.5.0 Log4j vulnerability
Hi,
We are running Soap 5.5.0 ( currently not sure if this just a free version or a paid version) with log4j-1.2.14.jar can you tell me if a update is going to be released that resolves the Log4j vulnerability
I believe that as this is only an application the risk are minimal but as a precaution we have renamed the file so that soapui cannot be run.
I note that Apache have released 2.16 jar file are we able to use this release to replace the current version or will their be a patch being released?
Many thanks
Steve
Hi stevelsmith ! Our development team is aware of this issue and we're currently working on fixing it. Very soon we will deliver a hot fix release. Please see this pull request https://github.com/SmartBear/soapui/tree/release-5.6.1 for more details.