Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67424

Checkmarx Plugin contains vulnerability in log4j-core version 2.16

    XMLWordPrintable

Details

    Description

      2.16 has been found to also contain vulnerabilities and requires an update to 2.17 (2.16 however is less vulnerable than 2.15).

       

      https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core

      2.17.x 2.17.0   Central 135 Dec, 2021
      2.16.x 2.16.0 1 vulnerability Central 636 Dec, 2021
      2.15.x 2.15.0 2 vulnerabilities Central 1,088 Dec, 2021

       

      Attachments

        Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. JENKINS-67353 log4j CVE-2021-44228 and CVE-2021-45046 in Jenkins

          • Critical - Crashes, loss of data, severe memory leak.
          • Open
          links to

          Web Link Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0 #85

          Activity

            People

              sergeyk Sergey Kadaner
              lkisac01 lkis01
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: