What’s new in Apache JMeter 5.4.2?

In my last blog, I listed various options to mitigate the CVE-2021-44228 vulnerability. Please note that Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. Today, Apache JMeter team has released the emergency minor version of JMeter 5.4.2 which includes Log4j 2.16 jars. Let us know briefly about this release.

What’s new in Apache JMeter 5.4.2?

Typically, every release of JMeter will have a new and noteworthy section and numerous bug fixes and enhancements, and sampler updates. Since this is an emergency release, JMeter community focussed on Log4j 2.16 jars patch.

There is no new or noteworthy in this minor release.

What's new in Apache JMeter 5.4.2?
What’s new in Apache JMeter 5.4.2?

Only non-functional changes, which include Log4j 2.16 updates from Log4j 2.13.3.

You can download the latest version from here.

Please validate the SHA512 checksum to verify the integrity.

Typically, for any release, the community will wait for the votes for at least 72 hours. Since this is an emergency release, the team has released the minor version swiftly.

Apache JMeter 5.4.2 Vote Binding

Conclusion

It is highly recommended downloading the latest version of JMeter 5.4.2. Also, please update your docker images, Kubernetes deployment YAML, CI/CD script etc. to mitigate the risk.

Please let me know if you face any issues in JMeter 5.4.2.

Happy Testing!

What's new in Apache JMeter 5.4.2

3 thoughts on “What’s new in Apache JMeter 5.4.2?”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Join the fastest growing Performance Engineers club at ClubhouseSHOW ME HOW
+ +
Share via
Copy link