Thanks. I understand the CVE. I just want to know the target release of JMeter with Log4j 2.17.1.
On Wed, Dec 29, 2021 at 12:29 PM OUFDOU Anas <[email protected]> wrote: > Hello, > > I don't think the vulnerability related to 2.17.1 is critical for Jmeter > like the first one as it concerned only by JDBC logging and only if > attacker can change log4j configuration (*Apache Log4j2 versions 2.0-beta7 > through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are > vulnerable to a remote code execution (RCE) attack where an attacker with > permission to modify the logging configuration file can construct a > malicious configuration using a JDBC Appender with a data source > referencing a JNDI URI which can execute remote code*) By default Jmeter > does't use JDBC logging. > > I don't say that Jmeter should not upgrade this version but for the moment > and as this vulnerability is defined it should not be any risk on Jmeter > users. > > Best Regards > > On Wed, Dec 29, 2021 at 6:01 PM NaveenKumar Namachivayam < > [email protected]> wrote: > > > Hi Team, > > > > Could you please let me know which JMeter version will have Log4j 2.17.1? > > Is it in JMeter 5.4.4 or 5.5? Please advise. > > > > Thank you > > > > -- > > [image: photo] > > NaveenKumar Namachivayam > > Performance Engineer, QAInsights > > <http://github.com/qainsights> <http://youtube.com/qainsights> > > <http://us.linkedin.com/in/naveenkumarn> <http://twitter.com/qainsights> > > <http://facebook.com/naveenkumar%5C.namachivayam> > > [email protected] > > https://qainsights.com > > Cincinnati, OH > > Latest article What’s new in Apache JMeter 5.4.3? > > <https://qainsights.com/apache-jmeter-5-4-3/> > > > > > -- > Cordialement, > ------------- > Anas OUFDOU > -- [image: photo] NaveenKumar Namachivayam Performance Engineer, QAInsights <http://github.com/qainsights> <http://youtube.com/qainsights> <http://us.linkedin.com/in/naveenkumarn> <http://twitter.com/qainsights> <http://facebook.com/naveenkumar%5C.namachivayam> [email protected] https://qainsights.com Cincinnati, OH Latest article What’s new in Apache JMeter 5.4.3? <https://qainsights.com/apache-jmeter-5-4-3/>
