We have made RedLine13 security updates that address a JMeter security vulnerability and we’ve added MFA for RedLine13 login. These changes are available for Enterprise users.
JMeter Vulnerability
JMeter has an active security vulnerability, #5766, that will be fixed in JMeter 5.5.1. That release is not available yet, so RedLine13 has patched the vulnerability in the meantime. The vulnerability is rated critical: exploiting it could potentially allow remote code execution through expressions within inline string interpolation.
Enterprise Accounts can now access a patched JMeter version that includes updated libraries which Apache JMeter has not yet released but which are required for security compliance. RedLine13 has patched JMeter 5.4.1 and 5.5 with the updated Apache Commons Text library to resolve this JMeter vulnerability, CVE-2022-42889.
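For teams that also run their own JMeter installations, the following added example (not RedLine13's or Apache's code) checks which Apache Commons Text jar an installation carries. It assumes the standard Maven jar naming, commons-text-<version>.jar, and uses the affected range in Apache's advisory for CVE-2022-42889 (Commons Text 1.5 through 1.9, fixed in 1.10.0); the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Range from the Apache advisory for CVE-2022-42889:
# Commons Text 1.5 through 1.9 are affected, 1.10.0 is the first fixed release.
FIRST_AFFECTED = (1, 5)
FIRST_FIXED = (1, 10)

# Assumption: jars keep their Maven-style file name.
JAR_RE = re.compile(r"^commons-text-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version):
    """True when major.minor falls in the affected range (1.10 sorts after 1.9)."""
    return FIRST_AFFECTED <= version[:2] < FIRST_FIXED


def audit_jmeter_home(jmeter_home):
    """List (relative path, version, affected) for each commons-text jar found."""
    home = Path(jmeter_home)
    findings = []
    for jar in sorted(home.rglob("commons-text-*.jar")):
        match = JAR_RE.match(jar.name)
        if not match:
            continue  # e.g. -sources jars or renamed files: review by hand
        version = match.group(1)
        affected = is_affected(parse_version(version))
        findings.append((str(jar.relative_to(home)), version, affected))
    return findings


if __name__ == "__main__":
    results = audit_jmeter_home(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, affected in results:
        print(f"{'AFFECTED' if affected else 'ok':8} {version:8} {path}")
    # Non-zero exit lets a CI job fail when an affected jar is present.
    sys.exit(1 if any(affected for _, _, affected in results) else 0)
```

A file-name check does not see copies of Commons Text repackaged inside plugin jars, so treat a clean result as a first pass rather than proof.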
Multi-Factor Authentication (MFA) Support
Enterprise Accounts can use MFA for their login.
In addition, RedLine13 Admins are required to use MFA as part of our internal privacy policy.