The latest versions including log4j fix version 7.11.2 contain log4j-core-2.15.0.jar. Apache advises tot upgrade to 2.16 because 2.15 contains CVE-2021-45046.
Will Neoload deliver a fix version for this CVE?
Based on the newly reported CVE-2021-45046, when severity goes over a CVSS score of 7, our development teams start building patches, but even though this new CVE has been reported at a low score (CVSS=3), Tricentis has begun building patches for the newly released vulnerability.
Customers can use the newly patched versions of NeoLoad (7.9.2 / 7.10.2 / 7.11.2) with no major issues. Tricentis is planning to integrate Log4j 2.16.0 in a new wave of releases for NeoLoad, so 7.9.3, v7.10.3, v7.11.3, v8.0.1 will be coming in the next week.
Did you find this useful ?
100% of users found this answer useful
