Boga Sebastian Nicolae

JMeter 5.4.1 fix for Security CVE-2021-44228 issue

If you installed JMeter 5.4.1 on Windows from the GitHub repo install-jmeter-windows, you should know by now that you are impacted by security issue CVE-2021-44228, because JMeter is a Java application that ships Log4j JARs in its lib folder.

Here you can find an automated tool that fixes the vulnerability by downloading Log4j version 2.16 and replacing the Log4j JARs in JMeter's lib folder.

STEPS:

  1. STOP JMeter GUI

  2. download Release v01 from here: https://github.com/sebiboga/jmeter-fix-cve-2021-44228-windows/releases/tag/v01

  3. unzip the Release

  4. double click on cve-2021-44228.bat

If you didn't install JMeter in C:\JMeter\apache-jmeter-5.4.1, you'll have to:

  • EDIT the bat file and, on row 2, update the location where JMeter is installed;
  • then update all copy commands with the correct destination folder

Here is the batch file:

@echo off
cd /d C:\JMeter\apache-jmeter-5.4.1\lib || exit /b 1
rem /d also switches drive; stop if the folder is missing so del never runs in the wrong directory
rem remove the log4j JARs shipped with JMeter
del log4j*.*
md C:\JMeter\cve-2021-4428

rem download and unpack log4j 2.16.0, then copy the four replacement JARs into lib
powershell -command "Invoke-WebRequest -Uri 'https://dlcdn.apache.org/logging/log4j/2.16.0/apache-log4j-2.16.0-bin.zip' -OutFile 'C:\JMeter\cve-2021-4428\apache-log4j-2.16.0-bin.zip'"
powershell -command "Expand-Archive -Force 'C:\JMeter\cve-2021-4428\apache-log4j-2.16.0-bin.zip' 'C:\JMeter\cve-2021-4428'"
copy C:\JMeter\cve-2021-4428\apache-log4j-2.16.0-bin\log4j-1.2-api-2.16.0.jar C:\JMeter\apache-jmeter-5.4.1\lib\*.*
copy C:\JMeter\cve-2021-4428\apache-log4j-2.16.0-bin\log4j-api-2.16.0.jar C:\JMeter\apache-jmeter-5.4.1\lib\*.*
copy C:\JMeter\cve-2021-4428\apache-log4j-2.16.0-bin\log4j-core-2.16.0.jar C:\JMeter\apache-jmeter-5.4.1\lib\*.*
copy C:\JMeter\cve-2021-4428\apache-log4j-2.16.0-bin\log4j-slf4j-impl-2.16.0.jar C:\JMeter\apache-jmeter-5.4.1\lib\*.*
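
A post-fix check, as an added example that is not part of the original post or its release: it lists every log4j JAR under JMeter's lib folder, reads the version from each JAR's manifest, and flags anything older than 2.16.0 or any of the four JARs from the batch file that is missing. The `$LibDir` and `$Expected` defaults and the `Get-JarVersion` helper name are assumptions; change the path the same way you would in the batch file.

```powershell
# Added example: audit JMeter's lib folder after running the batch file.
# $LibDir and $Expected defaults are assumptions taken from the article's paths.
param(
    [string]$LibDir = 'C:\JMeter\apache-jmeter-5.4.1\lib',
    [version]$Expected = '2.16.0'
)
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Hypothetical helper: read Implementation-Version from the JAR's manifest.
function Get-JarVersion {
    param([string]$JarPath)
    $zip = [System.IO.Compression.ZipFile]::OpenRead($JarPath)
    try {
        $entry = $zip.GetEntry('META-INF/MANIFEST.MF')
        if ($null -eq $entry) { return $null }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
        if ($text -match '(?m)^Implementation-Version:\s*(\d+(\.\d+){1,3})') {
            return [version]($Matches[1])
        }
        return $null   # manifest has no usable version field
    } finally { $zip.Dispose() }
}

# Every log4j JAR under lib (subfolders included), with its manifest version.
$jars = Get-ChildItem -Path $LibDir -Filter 'log4j*.jar' -File -Recurse
$report = foreach ($jar in $jars) {
    $v = Get-JarVersion $jar.FullName
    $status = if ($null -eq $v) { 'UNKNOWN' } elseif ($v -lt $Expected) { 'OUTDATED' } else { 'OK' }
    [pscustomobject]@{ Jar = $jar.FullName; Version = $v; Status = $status }
}

# The four JARs the batch file copies must all be present at the expected version.
$required = 'log4j-1.2-api', 'log4j-api', 'log4j-core', 'log4j-slf4j-impl'
$missing = @($required | Where-Object {
    -not (Test-Path (Join-Path $LibDir ('{0}-{1}.jar' -f $_, $Expected)))
})

$report | Format-Table -AutoSize
if ($missing.Count -gt 0) { Write-Warning ('Missing: ' + ($missing -join ', ')) }
$bad = @($report | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0 -or $missing.Count -gt 0) { exit 1 }
Write-Output "All log4j JARs in $LibDir are at $Expected or newer."
```

Run it once per JMeter installation on the machine, passing `-LibDir` for each one; a non-zero exit code means a JAR is outdated, unreadable or missing.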

Have a nice day!


Top comments (6)

moldocristi •

These changes must be done to all JMeter versions installed on your machine?

Boga Sebastian Nicolae • • Edited

Yes. You can CHANGE row 2 and the destination folder for the copy commands in the script and re-run it for an older version on your machine.
thank you

moldocristi •

Thank you!
The release folder can be deleted after the installation.

Boga Sebastian Nicolae •

Yes. The zip file with release v01 and the unzipped folder can be deleted after the script has finished.

DorinOana •

Thank you Sebi,
you can delete the folder after the script has finished

Boga Sebastian Nicolae •

indeed;
folder C:\JMeter\cve-2021-4428 can be deleted after the script finishes
thank you @dorinoana
