'Re: Jmeter release with CVE-2021-44228 mitigation'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jmeter-user
Subject:    Re: Jmeter release with CVE-2021-44228 mitigation
From:       Philippe Mouawad <p.mouawad () ubik-ingenierie ! com>
Date:       2021-12-14 15:32:49
Message-ID: CAH9fUpYBWT-2+EnKhZR18NmXEozmMuk5YRUa7p3YoQtk3mUsrQ () mail ! gmail ! com
[Download RAW message or body]


Hello,
You can read this blog which details how to proceed:

   -
   https://www.ubik-ingenierie.com/blog/jmeter-and-the-log4j2-vulnerability/

Regards
Philippe M.

On Tue, Dec 14, 2021 at 4:00 PM Smruti Ranjan Roul
<sranjanroul@firstam.com.invalid> wrote:

> I have just raised this recently. But from one of the forum, I came to
> know that you can download the log4j jar files and replace on the JMeter
> package. The latest 2.16 version is readily available.
> 
> https://logging.apache.org/log4j/2.x/download.html
> 
> Thanks,
> Smruti
> 
> 
> -----Original Message-----
> From: Valeriy Zabawski <dziki7jam@gmail.com>
> Sent: Tuesday, December 14, 2021 8:04 PM
> To: user@jmeter.apache.org
> Subject: Jmeter release with CVE-2021-44228 mitigation
> 
> Hello everyone. I've noticed a commit in Jmeter GitHub repo that mitigates
> a recently discovered vulnerability in log4j library used by Jmeter.
> As far as I can see, this fix was only added to the code and new builds
> with the updated library were made. Does anyone know when the new version
> with log4j 2.15 library will be released? Also, I would like to know if
> Jmeter 2 and 3 will receive such fixes.
> Link to commit with fix:
> 
> https://urldefense.com/v3/__https://github.com/apache/jmeter/commit/403842148e82c24e \
> 560c365efd8b7290076b0ba5__;!!L1aKtqoz4WY!JdHOFM5ACmAheHSIA4e7asv2KEub2AmAgQuSm_pS11IdipbeLWfba4K8YTpmVX1xrg$
>  
> Thanks in advance.
> 
> 
> ******************************************************************************************
>  This message may contain confidential or proprietary information intended
> only for the use of the addressee(s) named above or may contain information
> that is legally privileged.
> If you are not the intended addressee, or the person responsible for
> delivering it to the intended addressee, you are hereby notified that
> reading, disseminating, distributing or copying this message is strictly
> prohibited.
> If you have received this message by mistake, please immediately notify us
> by replying to the message and delete the original message and any copies
> immediately thereafter.
> 
> If you received this email as a commercial message and would like to opt
> out of future commercial messages, please let us know and we will remove
> you from our distribution list.
> 
> Thank you.
> 
> ******************************************************************************************
>  FAFLD
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
> 


-- 
Cordialement
Philippe M.
Ubik-Ingenierie



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic