Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67369

log4j dependency has another vulnerability CVE-2021-45046 in Talend Plugin

    • 1.14

      See JENKINS-67353, second vulnerability: CVE-2021-45046, requires to update Log4j to 2.16 now.
      This one is less important but will still be detected by scanners and alert all users.

          [JENKINS-67369] log4j dependency has another vulnerability CVE-2021-45046 in Talend Plugin

          Daniel Beck added a comment -

          I'd also like to note that the plugin is improperly set up for CD, that's why the version number includes "-rc". See https://www.jenkins.io/doc/developer/publishing/releasing-cd/#pom-file-modifications

          Daniel Beck added a comment - I'd also like to note that the plugin is improperly set up for CD, that's why the version number includes "-rc". See https://www.jenkins.io/doc/developer/publishing/releasing-cd/#pom-file-modifications

          P Peters added a comment -

          I removed the log4j dependency altogether and I intend to start using CI releases when I solve having a dependency that is not published to maven central.

          P Peters added a comment - I removed the log4j dependency altogether and I intend to start using CI releases when I solve having a dependency that is not published to maven central.

          P Peters added a comment -

          Removed the dependency on log4j altogether

          P Peters added a comment - Removed the dependency on log4j altogether

            afkab P Peters
            wfollonier Wadeck Follonier
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: