asfimport

@rollno748 ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65129&redirect=false#c1)): Hello, I guess, that is not necessary and would not be an ideal way to proceed with the scripting. If your intention is to map the...

@rollno748 ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65129&redirect=false#c2)): Created attachment [37730.jmx](https://apache.github.io/jmeter-bugzilla-attachments/29/65129/38281/37730.jmx): Simple workaround 37730.jmx ````xml false true false continue false 1 1 1 false true false KB4474419 = true q www.catalog.update.microsoft.com /Search.aspx GET true...

@vlsi ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c1)): The upcoming version would include the fix, see https://github.com/apache/jmeter/pull/680

**Ren** ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c6)): more vulnerability vahe been detected in log4j2 <= 2.16.0 (CVE-2021-45105, CVE-2021-45046). So the minimum version of the log4j2 library should be 2.17.0.

@qainsights ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c7)): Pasting the response of Phillippe from Twitter. JMeter is not concerned by this CVE-2021-45105 we don’t use such fragile patterns in the config. Also JMeter is...

**Arjan van Daalen** ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c8)): I noticed that another vulnerability has been found in version 2.17.0 of log4j: https://logging.apache.org/log4j/2.x/index.html 2.17.1 fixes this.

**Josiah Johnston** ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c9)): +1 to Arjan I greatly appreciate the Christmas Eve security release (upgrade to 2.17.0), but looks like Krampus delivered another vulnerability with CVE-2021-44832. That security...

**Ren** ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c11)): Hi, are there any plans to make a release using the 2.17.1 version of log4j? My customer has locked the available versions in our maven repository...

@FSchumacher ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c12)): In https://ardesco.lazerycode.com/oss/2021/12/28/fixing-security-flaws-with-the-jmeter-maven-plugin.html are described a couple of workarounds. The last looks like a good solution to me, but note, that I haven't tested it.

**Vishaldeep Gupta** ([migrated from Bugzilla](https://bz.apache.org/bugzilla//show_bug.cgi?id=65748&redirect=false#c14)): [https://github.com/apache/jmeter/issues/5645] JMeter latest version 5.4.3 is updated to log4j 2.17.0 , But our security wants to upgrade to 2.17.1 . When and which release apache...