I have just raised this recently. But from one of the forums, I came to know that you can download the log4j jar files and replace them in the JMeter package. The latest 2.16 version is readily available.
https://logging.apache.org/log4j/2.x/download.html

Thanks,
Smruti

-----Original Message-----
From: Valeriy Zabawski <dziki7...@gmail.com>
Sent: Tuesday, December 14, 2021 8:04 PM
To: user@jmeter.apache.org
Subject: Jmeter release with CVE-2021-44228 mitigation

Hello everyone.

I've noticed a commit in Jmeter GitHub repo that mitigates a recently discovered vulnerability in log4j library used by Jmeter. As far as I can see, this fix was only added to the code and new builds with the updated library were made. Does anyone know when the new version with log4j 2.15 library will be released? Also, I would like to know if Jmeter 2 and 3 will receive such fixes.

Link to commit with fix: https://urldefense.com/v3/__https://github.com/apache/jmeter/commit/403842148e82c24e560c365efd8b7290076b0ba5__;!!L1aKtqoz4WY!JdHOFM5ACmAheHSIA4e7asv2KEub2AmAgQuSm_pS11IdipbeLWfba4K8YTpmVX1xrg$

Thanks in advance.
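A check to run after swapping the jars as the reply describes, given as an added example that is not part of the original thread or of the JMeter project: it lists the Log4j 2.x jars in a directory and flags any older than a chosen minimum, such as the 2.16 release the reply mentions. It assumes the jars keep the `log4j-<module>-<version>.jar` naming of the Log4j 2 release artifacts; the function names and the directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory (e.g. JMeter's jar directory) for old Log4j 2.x jars.
# Assumption: jars are named log4j-<module>-<version>.jar.

# version_lt A B: succeeds (exit 0) when version A is numerically lower than B.
# Compares major, minor and patch as integers, so 2.9.1 sorts below 2.16.0.
version_lt() {
    for i in 1 2 3; do
        # Pad with ".0.0" so a missing minor or patch field reads as 0.
        x=$(printf '%s\n' "$1.0.0" | cut -d. -f"$i")
        y=$(printf '%s\n' "$2.0.0" | cut -d. -f"$i")
        # Drop any non-numeric suffix such as "-beta9".
        x=${x%%[!0-9]*}; x=${x:-0}
        y=${y%%[!0-9]*}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # equal versions are not "lower"
}

# audit_log4j DIR MIN: prints one status line per log4j-*.jar in DIR.
# Returns 1 when at least one Log4j 2.x jar is older than MIN, else 0.
audit_log4j() {
    dir=$1 min=$2 rc=0
    for jar in "$dir"/log4j-*.jar; do
        [ -e "$jar" ] || continue          # glob matched nothing
        name=${jar##*/}
        ver=${name%.jar}
        ver=${ver##*-}                     # text after the last hyphen
        case $ver in
            2.*) ;;
            *) echo "SKIP $name (not a Log4j 2.x version)"; continue ;;
        esac
        if version_lt "$ver" "$min"; then
            echo "OUTDATED $name $ver"
            rc=1
        else
            echo "OK $name $ver"
        fi
    done
    return $rc
}

# Script usage: sh audit_log4j.sh <jar-directory> <minimum-version>
if [ $# -eq 2 ]; then
    audit_log4j "$1" "$2"
fi
```

The check reads file names only, so a renamed jar or a copy of Log4j bundled inside another archive is not detected; run it again after every replacement to confirm no older jar was left beside the new one.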