You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are using Jmeter for our project . This mail is regarding the security risk because of log4J . We were using Jmeter4.0 (planning to upgraded to JMeter 5.4.3 version) . But according to release notes still log4J security risk is there in 5.4.3.
We need following help from you:
It would be helpful if we can get fix for this issue .
We have found that latest version of JMeter 5.4.3 which have 2.17.0 Log4j Jar
But 2.17 is also having two direct vulnerabilities , Details of both slows that they are vulnerable .
In Maven repository(https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core) , we have 2.17.1 version which shows no vulnerability , so can you please advice that can we use 2.17.1 jar with apache Jmeter 5.4.3 version . Is that supported if we do it and will resolve the threat of currently log4j.
Neeti (Bug 65808):
Hi Jmeter team,
We are using Jmeter for our project . This mail is regarding the security risk because of log4J . We were using Jmeter4.0 (planning to upgraded to JMeter 5.4.3 version) . But according to release notes still log4J security risk is there in 5.4.3.
We need following help from you:
But 2.17 is also having two direct vulnerabilities , Details of both slows that they are vulnerable .
In Maven repository(https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core) , we have 2.17.1 version which shows no vulnerability , so can you please advice that can we use 2.17.1 jar with apache Jmeter 5.4.3 version . Is that supported if we do it and will resolve the threat of currently log4j.
Severity: normal
OS: All
Duplicated by:
The text was updated successfully, but these errors were encountered: