[JENKINS-67355] log4j dependency has critical vulnerability CVE-2021-44228 in Audit Log Plugin

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: audit-log-plugin
Labels:

Similar Issues:
Powered by SuggestiMate

Show
Epic Link:
log4j CVE-2021-44228 and CVE-2021-45046
Released As:
1.3

See JENKINS-67353

Daniel Beck created issue - 2021-12-11 09:29

Daniel Beck made changes - 2021-12-11 21:51

Priority

Original: Minor [ 4 ]

New: Critical [ 2 ]

Owen Mehegan added a comment - 2021-12-13 00:58

https://github.com/jenkinsci/audit-log-plugin/pull/83 has been proposed to fix this.

Owen Mehegan added a comment - 2021-12-13 00:58 https://github.com/jenkinsci/audit-log-plugin/pull/83 has been proposed to fix this.

Sorin Srbu added a comment - 2021-12-14 06:46

Seems like the dev fixing this is kinda' stuck over at github.
I'm an enduser unfortunately, so can only wait...

Sorin Srbu added a comment - 2021-12-14 06:46 Seems like the dev fixing this is kinda' stuck over at github. I'm an enduser unfortunately, so can only wait...

Daniel Beck made changes - 2021-12-14 08:08

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Fixed but Unreleased [ 10203 ]

Daniel Beck made changes - 2021-12-14 17:20

Released As		New: 1.3
Status	Original: Fixed but Unreleased [ 10203 ]	New: Closed [ 6 ]

Jenkins CERT Bot made changes - 2022-01-30 16:02

Labels

Original: CVE-2021-44228 security

New: CVE-2021-44228 jcabot:001 jcabot:002 security

Assignee:: Unassigned

Reporter:: Daniel Beck

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2021-12-11 09:29

Updated:: 2022-01-30 16:02

Resolved:: 2021-12-14 08:08

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Owen Mehegan added a comment - 2021-12-13 00:58

Expand comment: Owen Mehegan added a comment - 2021-12-13 00:58

Collapse comment: Sorin Srbu added a comment - 2021-12-14 06:46

Expand comment: Sorin Srbu added a comment - 2021-12-14 06:46

People

Dates