JENKINS-67357

log4j dependency has critical vulnerability CVE-2021-44228 in Micro Focus Application Automation Tools Plugin

    • 7.2

      See JENKINS-67353

      Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16.
      This one is less important but will still be detected by scanners and alert all users.

          Bill Hopper added a comment - - edited

          Ummm... now 2.17.0 is the recommendation.

          Zhipeng added a comment -

          7.2 with log4j 2.17 has already been published.

          Alex added a comment -

          hey zhipengwa

          We can not see this release on the https://plugins.jenkins.io/hp-application-automation-tools-plugin/ page. 

          Can you please confirm when this will be publicly published?

           Thanks

          Zhipeng added a comment - - edited

          Hi itisalex,

          The documentation web page will need a while to be updated; the plugin has already been published to Artifactory. Please try to update it from your Jenkins server or you can directly download it from https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/hp-application-automation-tools-plugin/7.2/

          Bill Hopper added a comment -

          After using /pluginManager/checkUpdatesServer, I was able to update to the new version (with log4j 2.17) and it is working.

          Thank you.

          Bill Hopper added a comment -

          My apologies for clicking the wrong Jira button  

          Zhipeng added a comment -

          fixed in 7.2

          Harry Singh added a comment -

          zhipengwa - Is this plugin published with log4j version 2.17.0 or 2.17.1?

          Zhipeng added a comment -

          harry_001, it's 2.17.0

          Harry Singh added a comment -

          zhipengwa - Do you know if we will release this plugin with 2.17.1 or higher versions? We use this plugin in our Jenkins devops, but in order to comply, our organization requires 2.17.1 or a higher version.

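A check for the question this thread keeps returning to (which Log4j version does the installed plugin actually bundle), as an added example that is not part of the issue or the plugin's own code. It lists the log4j-core jars inside a plugin .hpi archive and flags any below a chosen minimum; it assumes Log4j is bundled as `WEB-INF/lib/log4j-core-<version>.jar` (shaded or renamed copies are not detected), and the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Matches bundled Log4j 2 core jars, e.g. WEB-INF/lib/log4j-core-2.17.0.jar
# (assumed naming; a shaded or renamed copy would not match).
JAR_RE = re.compile(r"(?:^|/)log4j-core-(\d+(?:\.\d+)*)[^/]*\.jar$")


def parse_version(text):
    """Turn '2.17.0' into (2, 17, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def bundled_log4j_versions(hpi_bytes):
    """Return {jar path: version tuple} for every log4j-core jar in the archive."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(hpi_bytes)) as archive:
        for name in archive.namelist():
            match = JAR_RE.search(name)
            if match:
                found[name] = parse_version(match.group(1))
    return found


def below_minimum(hpi_bytes, minimum):
    """List jar paths whose log4j-core version is lower than `minimum`."""
    floor = parse_version(minimum)
    versions = bundled_log4j_versions(hpi_bytes)
    return sorted(path for path, version in versions.items() if version < floor)


def make_sample_hpi(jar_names):
    """Build a constructed, in-memory stand-in for a plugin .hpi (empty entries)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in jar_names:
            archive.writestr(name, b"")
    return buffer.getvalue()


if __name__ == "__main__":
    # Constructed sample mirroring the thread: the plugin ships log4j 2.17.0.
    sample = make_sample_hpi(["WEB-INF/lib/log4j-core-2.17.0.jar",
                              "WEB-INF/lib/log4j-api-2.17.0.jar"])
    for floor in ("2.16", "2.17.0", "2.17.1"):
        print(floor, below_minimum(sample, floor) or "ok")
```

To check a real download, pass the file's bytes, for example `below_minimum(open(path, "rb").read(), "2.17.1")`.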

            zhipengwa Zhipeng
            danielbeck Daniel Beck