Posted to issues@jmeter.apache.org by bu...@apache.org on 2022/01/19 10:06:07 UTC
[Bug 65808] New: Log4J Security Risk in 5.4.3
https://bz.apache.org/bugzilla/show_bug.cgi?id=65808
Bug ID: 65808
Summary: Log4J Security Risk in 5.4.3
Product: JMeter
Version: 5.4.3
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: HTTP
Assignee: issues@jmeter.apache.org
Reporter: nsoni31@dxc.com
Target Milestone: JMETER_5.5
Hi JMeter team,
We are using JMeter for our project. This mail is regarding the security risk
because of Log4j. We were using JMeter 4.0 (planning to upgrade to JMeter
5.4.3 version). But according to the release notes, the Log4j security risk is
still there in 5.4.3.
We need the following help from you:
1. It would be helpful if we can get a fix for this issue.
2. We have found that the latest version of JMeter, 5.4.3, has the 2.17.0
Log4j jar.
But 2.17 also has two direct vulnerabilities; the details of both show that
they are vulnerable.
In the Maven
repository (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core),
we have the 2.17.1 version, which shows no vulnerability, so can you please
advise whether we can use the 2.17.1 jar with Apache JMeter 5.4.3? Is that
supported if we do it, and will it resolve the current Log4j threat?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 65808] Log4J Security Risk in 5.4.3
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65808
Felix Schumacher <fe...@internetallee.de> changed:
      What |Removed |Added
----------------------------------------------------------------------------
        OS |        |All
Resolution |---     |DUPLICATE
    Status |NEW     |RESOLVED
--- Comment #1 from Felix Schumacher <fe...@internetallee.de> ---
*** This bug has been marked as a duplicate of bug 65748 ***