Answered question

Will CVE-2021-45046 log4j 2.15 soon be fixed?

The latest versions including log4j fix version 7.11.2 contain log4j-core-2.15.0.jar. Apache advises tot upgrade to 2.16 because 2.15 contains CVE-2021-45046.
Will Neoload deliver a fix version for this CVE?

Robert B.
Robert B.

Robert B.

Level
0
13 / 100
points
Nouredine A.
Nouredine A.

Nouredine A.

Level
4
5000 / 5000
points
Team

Based on the newly reported CVE-2021-45046, when severity goes over a CVSS score of 7, our development teams start building patches, but even though this new CVE has been reported at a low score (CVSS=3), Tricentis has begun building patches for the newly released vulnerability. 

 

Customers can use the newly patched versions of NeoLoad (7.9.2 / 7.10.2 / 7.11.2) with no major issues. Tricentis is planning to integrate Log4j 2.16.0 in a new wave of releases for NeoLoad, so 7.9.3, v7.10.3, v7.11.3, v8.0.1 will be coming in the next week.

Did you find this useful ?

No (0)

Yes (1)

100%

100% of users found this answer useful