Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67424

Checkmarx Plugin contains vulnerability in log4j-core version 2.16

    XMLWordPrintable

Details

    Description

      2.16 has been found to also contain vulnerabilities and requires an update to 2.17 (2.16 however is less vulnerable than 2.15).

       

      https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core

      2.17.x 2.17.0   Central 135 Dec, 2021
      2.16.x 2.16.0 1 vulnerability Central 636 Dec, 2021
      2.15.x 2.15.0 2 vulnerabilities Central 1,088 Dec, 2021

       

      Attachments

        Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. JENKINS-67353 log4j CVE-2021-44228 and CVE-2021-45046 in Jenkins

          • Critical - Crashes, loss of data, severe memory leak.
          • Open
          links to

          Web Link Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0 #85

          Activity

            Ascending order - Click to sort in descending order
            ianw Ian Williams added a comment - - edited

            Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0. Prior: Updated the log4J fix .

            ianw Ian Williams added a comment - - edited Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0 . Prior: Updated the log4J fix .
            lkisac01 lkis01 added a comment -

            I'm referring to version 2.16.  It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch.  Thanks

            lkisac01 lkis01 added a comment - I'm referring to version 2.16.  It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch.  Thanks
            lkisac01 lkis01 added a comment -

            Issue resolved.  PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability.

            lkisac01 lkis01 added a comment - Issue resolved.  PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability.

            People

              sergeyk Sergey Kadaner
              lkisac01 lkis01
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: