Hello, This CVE is not as critical as previous ones, it allows denial of service not to take control of server. since JMeter is not a server application but more a client tool, I don’t think there is an urgent need to release a new version.
See: - https://snyk.io/blog/log4j-2-16-high-severity-vulnerability-cve-cve-2021-45105-discovered/ Regards On Sunday, December 19, 2021, NaveenKumar Namachivayam < [email protected]> wrote: > Hi Team, > > > > Log4j 2.17 has been released for the CVE-2021-45105. Any plans to release a > minor version or, are we going to Jmeter 5.5? > > > > Any input please? > > > Thanks! > > -- Cordialement Philippe M. Ubik-Ingenierie
