Hello, You can read this blog which details how to proceed: - https://www.ubik-ingenierie.com/blog/jmeter-and-the-log4j2-vulnerability/
Regards Philippe M. On Tue, Dec 14, 2021 at 4:00 PM Smruti Ranjan Roul <sranjanr...@firstam.com.invalid> wrote: > I have just raised this recently. But from one of the forum, I came to > know that you can download the log4j jar files and replace on the JMeter > package. The latest 2.16 version is readily available. > > https://logging.apache.org/log4j/2.x/download.html > > Thanks, > Smruti > > > -----Original Message----- > From: Valeriy Zabawski <dziki7...@gmail.com> > Sent: Tuesday, December 14, 2021 8:04 PM > To: user@jmeter.apache.org > Subject: Jmeter release with CVE-2021-44228 mitigation > > Hello everyone. I've noticed a commit in Jmeter GitHub repo that mitigates > a recently discovered vulnerability in log4j library used by Jmeter. > As far as I can see, this fix was only added to the code and new builds > with the updated library were made. Does anyone know when the new version > with log4j 2.15 library will be released? Also, I would like to know if > Jmeter 2 and 3 will receive such fixes. > Link to commit with fix: > > https://urldefense.com/v3/__https://github.com/apache/jmeter/commit/403842148e82c24e560c365efd8b7290076b0ba5__;!!L1aKtqoz4WY!JdHOFM5ACmAheHSIA4e7asv2KEub2AmAgQuSm_pS11IdipbeLWfba4K8YTpmVX1xrg$ > > Thanks in advance. > > > ****************************************************************************************** > This message may contain confidential or proprietary information intended > only for the use of the addressee(s) named above or may contain information > that is legally privileged. > If you are not the intended addressee, or the person responsible for > delivering it to the intended addressee, you are hereby notified that > reading, disseminating, distributing or copying this message is strictly > prohibited. > If you have received this message by mistake, please immediately notify us > by replying to the message and delete the original message and any copies > immediately thereafter. > > If you received this email as a commercial message and would like to opt > out of future commercial messages, please let us know and we will remove > you from our distribution list. > > Thank you. > > ****************************************************************************************** > FAFLD > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org > For additional commands, e-mail: user-h...@jmeter.apache.org > -- Cordialement Philippe M. Ubik-Ingenierie
