jmeter icon indicating copy to clipboard operation
jmeter copied to clipboard
verified publisher icon apache

Security Vulnerability Roadmap Inquiry

Open ClarkR4 opened this issue 10 months ago • 2 comments

JMeter team, my program is currently running version 5.6.3. Our scanners have identified multiple critical, high, and medium vulnerabilities, to include log4j findings.

I've not attached the scan information in order to stay in compliance with the security vulnerability reporting guidelines, but is there a publicly accessible log of expected dependency updates? Additionally, is there an estimated date for the next JMeter release?

I can share specific vulnerabilities in this issue or via email if necessary.

ClarkR4 avatar Feb 18 '25 20:02 ClarkR4

There are several open issues on this topic since years... it seems that the vulnerabilities are not important.

andreainnocenti avatar Mar 21 '25 12:03 andreainnocenti

Send report on [email protected] pls

milamberspace avatar Jul 07 '25 08:07 milamberspace