Apologies for writing this before doing my research (which I am just about to do), but I’ve just been alerted to a major exploit called Zeroday which affects users of Log4j prior to v2.15.0. Looking in the Katalon installation files (plugins folder) I see “org.apache.log4j_1.2.15.v201012070815.jar”…

Hi everyone, The fix has been merged into official release: Katalon Studio 8.3.0. Please see the Release note for more details. Happy Testing! Nam Nguyen.

A quick update - I heard back from Katalon support that they are evaluating this impact. I read that this exploit only impacts Log4J v2, and not v1 (which is EOL), and it looks like v1 is what Katalon uses.

[image] gengland: I read that this exploit only impacts Log4J v2, and not v1 (which is EOL), and it looks like v1 is what Katalon uses. Confirmed: [image] But… [image] QRadar SaaS | IBM @duyluong @ThanhTo @devalex88 Can a dev please investigate and report back a definitive statement a…

Hi there, Katalon Studio (KS, KSE and KRE) uses Log4J v1.2.15 as our dependences that may be impacted by this vulnerability, but the severity is pretty much lower. For more details, please refer to this explanation of Log4j2 team member. Katalon Studio doesn’t use JMSAppender so the vulnerability …

Hi everyone If you want to get rid of the Log4j versions before 2.15.0, you can use 8.2.3.beta. This beta release upgraded log4j to version 2.17.0. Download it from our GitHub Repo at: https://github.com/katalon-studio/katalon-studio/releases/tag/v8.2.3.beta During your usage, if you have any i…

Katalon Response to the Log4J2 exploit (cve-2021-44228)

Bug Report

Russ_Thomas December 12, 2021, 1:29pm 5

Tracking: https://www.randori.com/blog/cve-2021-44228/

Topic		Replies	Views
Log4J Official Thread Miscellaneous start-page	4	1986	December 30, 2021
Seeking update on log4j Web Testing katalon-studio	15	1995	January 27, 2022
Security for Katalon Projects Web Testing katalon-studio	1	735	December 15, 2021
Katalon Studio Vulnerabilities API Testing integrations , katalon-studio , web-testing , api-testing	3	293	May 15, 2024
Is there a fix/update for Apache Commons Text vulnerability? Web Testing katalon-studio	1	924	November 5, 2022

Katalon Response to the Log4J2 exploit (cve-2021-44228)

Related topics