Bug
Resolution: Fixed
Major
2.16 has been found to also contain vulnerabilities and requires an update to 2.17 (2.16, however, is less vulnerable than 2.15).
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core
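| Release line | Version | Vulnerabilities | Repository | Usages | Date |
|---|---|---|---|---|---|
| 2.17.x | 2.17.0 | | Central | 135 | Dec, 2021 |
| 2.16.x | 2.16.0 | 1 vulnerability | Central | 636 | Dec, 2021 |
| 2.15.x | 2.15.0 | 2 vulnerabilities | Central | 1,088 | Dec, 2021 |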
- is related to: JENKINS-67353 log4j CVE-2021-44228 and CVE-2021-45046 in Jenkins (Open)
- links to
Not sure what you are referring to or what version specifically, but it seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0. Prior: Updated the log4J fix.