Log4j < 2.16 #30

Closed
tpwl21 opened this issue Dec 15, 2021 · 6 comments · Fixed by #32
Labels
enhancement New feature or request question Further information is requested

Comments

@tpwl21
tpwl21 commented Dec 15, 2021

The plugin uses the library log4j version 2.13.

As everybody knows this version is vulnerable (RCE). Even if it's not critical, it triggers security scans.
Possible to build a new version of the listener using log4j 2.16?

@tpwl21 tpwl21 changed the title Log4j < 2.15 Log4j < 2.16 Dec 15, 2021
@mderevyankoaqa
Owner

@tpwl21 not sure, it seems log4j is part of JMeter core..

```
+--- org.apache.jmeter:ApacheJMeter_core:5.4.1
|    +--- org.apache.jmeter:ApacheJMeter:5.4.1
|    +--- org.apache.jmeter:jorphan:5.4.1
|    |    +--- org.apiguardian:apiguardian-api:1.1.0
|    |    \--- org.slf4j:slf4j-api:1.7.30
|    +--- bsf:bsf:2.4.0
|    |    \--- commons-logging:commons-logging:1.0.4
|    +--- com.fifesoft:rsyntaxtextarea:3.1.1
|    +--- net.sf.jtidy:jtidy:r938
|    +--- com.thoughtworks.xstream:xstream:1.4.15
|    |    +--- xmlpull:xmlpull:1.1.3.1
|    |    \--- xpp3:xpp3_min:1.1.4c
|    +--- org.apache.logging.log4j:log4j-1.2-api:2.13.3
|    |    \--- org.apache.logging.log4j:log4j-api:2.13.3
|    +--- org.apache.logging.log4j:log4j-api:2.13.3
|    +--- org.apache.logging.log4j:log4j-core:2.13.3
|    |    \--- org.apache.logging.log4j:log4j-api:2.13.3
|    +--- org.apache.logging.log4j:log4j-slf4j-impl:2.13.3
|    |    +--- org.slf4j:slf4j-api:1.7.25 -> 1.7.30
|    |    \--- org.apache.logging.log4j:log4j-api:2.13.3
|    +--- org.apiguardian:apiguardian-api:1.1.0
|    +--- oro:oro:2.0.8
|    +--- xalan:xalan:2.7.2
```

BR,
Mike
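
The tree above shows log4j 2.13.3 arriving through JMeter core rather than through the plugin's own declarations. As an added example (not part of the original thread or the plugin's code), here is a small Python check that reads Gradle dependency-tree text and lists every log4j artifact that resolves below 2.16, the threshold in the issue title. The function names and the sample tree are assumptions constructed for illustration.

```python
import re

# Threshold taken from the issue title ("Log4j < 2.16"); pass another tuple to change it.
MIN_SAFE = (2, 16, 0)
LOG4J_GROUP = "org.apache.logging.log4j"

# "group:artifact:version", optionally followed by Gradle's "-> resolved" marker.
# The group must start with a letter so the "+---" tree drawing is never matched.
COORD = re.compile(
    r"(?P<group>[A-Za-z][\w.\-]*):(?P<artifact>[\w.\-]+):(?P<declared>[\w.\-]+)"
    r"(?:\s*->\s*(?P<resolved>[\w.\-]+))?"
)

def parse_version(text):
    """Turn '2.13.3' into (2, 13, 3); missing or non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def find_old_log4j(tree_text, min_safe=MIN_SAFE):
    """Return sorted unique (artifact, version) pairs in the log4j group below min_safe."""
    hits = set()
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m or m.group("group") != LOG4J_GROUP:
            continue
        # When Gradle overrides a version, the resolved one is what ends up on the classpath.
        version = m.group("resolved") or m.group("declared")
        if parse_version(version) < min_safe:
            hits.add((m.group("artifact"), version))
    return sorted(hits)

# Constructed sample: lines in the shape of the tree above, plus one made-up
# line where a declared 2.13.3 has been overridden to 2.16.0.
SAMPLE = r"""
+--- org.apache.jmeter:ApacheJMeter_core:5.4.1
|    +--- org.apache.jmeter:jorphan:5.4.1
|    |    \--- org.slf4j:slf4j-api:1.7.30
|    +--- org.apache.logging.log4j:log4j-1.2-api:2.13.3
|    |    \--- org.apache.logging.log4j:log4j-api:2.13.3
|    +--- org.apache.logging.log4j:log4j-core:2.13.3
|    +--- org.apache.logging.log4j:log4j-slf4j-impl:2.13.3 -> 2.16.0
"""

if __name__ == "__main__":
    for artifact, version in find_old_log4j(SAMPLE):
        print(f"{LOG4J_GROUP}:{artifact}:{version} is below "
              + ".".join(map(str, MIN_SAFE)))
```

Run against a build's real dependency report, an empty result means no log4j artifact in the resolved graph is below the threshold, including ones pulled in transitively.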

@mderevyankoaqa mderevyankoaqa added the question Further information is requested label Dec 15, 2021
@tpwl21
Author
tpwl21 commented Dec 21, 2021

Thanks for your answer Mike,

It looks like JMeter 5.4.2 has been released and integrates the version log4j 2.16.
I will try to build it on my side.

BR,
Theo

@mderevyankoaqa
Owner

Thanks @tpwl21,

Will push a new release soon with updated things..

BR,
Mike

@mderevyankoaqa
Owner

@tpwl21 please take the latest release.

BR,
Mike

@tpwl21
Author
tpwl21 commented Dec 22, 2021

Thanks a lot Mike for this new release.
I'm gonna test it tomorrow!

All the best,
Theo

@mderevyankoaqa
Owner

Welcome, please do not forget to use the latest JMeter :)

BR,
Mike
