Hi Jmeter team, We are using Jmeter for our project . This mail is regarding the security risk because of log4J . We were using Jmeter4.0 (planning to upgraded to JMeter 5.4.3 version) . But according to release notes still log4J security risk is there in 5.4.3. We need following help from you: 1. It would be helpful if we can get fix for this issue . 2. We have found that latest version of JMeter 5.4.3 which have 2.17.0 Log4j Jar But 2.17 is also having two direct vulnerabilities , Details of both slows that they are vulnerable . In Maven repository(https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core) , we have 2.17.1 version which shows no vulnerability , so can you please advice that can we use 2.17.1 jar with apache Jmeter 5.4.3 version . Is that supported if we do it and will resolve the threat of currently log4j.
*** This bug has been marked as a duplicate of bug 65748 ***
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/5618