Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67424

Checkmarx Plugin contains vulnerability in log4j-core version 2.16

    XMLWordPrintable

Details

    Description

      2.16 has been found to also contain vulnerabilities and requires an update to 2.17 (2.16 however is less vulnerable than 2.15).

       

      https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core

      2.17.x 2.17.0   Central 135 Dec, 2021
      2.16.x 2.16.0 1 vulnerability Central 636 Dec, 2021
      2.15.x 2.15.0 2 vulnerabilities Central 1,088 Dec, 2021

       

      Attachments

        Issue Links

          Activity

            ianw Ian Williams added a comment - - edited

            Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0. Prior: Updated the log4J fix .

            ianw Ian Williams added a comment - - edited Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0 . Prior: Updated the log4J fix .
            lkisac01 lkis01 added a comment -

            I'm referring to version 2.16.  It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch.  Thanks

            lkisac01 lkis01 added a comment - I'm referring to version 2.16.  It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch.  Thanks
            lkisac01 lkis01 added a comment -

            Issue resolved.  PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability.

            lkisac01 lkis01 added a comment - Issue resolved.  PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability.

            People

              sergeyk Sergey Kadaner
              lkisac01 lkis01
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: