Status: Resolved (View Workflow)
2.16 has been found to also contain vulnerabilities and requires an update to 2.17 (2.16 however is less vulnerable than 2.15).
|2.16.x||2.16.0||1 vulnerability||Central||636||Dec, 2021|
|2.15.x||2.15.0||2 vulnerabilities||Central||1,088||Dec, 2021|
- is related to
JENKINS-67353 log4j CVE-2021-44228 and CVE-2021-45046 in Jenkins
- links to
I'm referring to version 2.16. It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch. Thanks
lkis01 added a comment - I'm referring to version 2.16. It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch. Thanks
Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0. Prior: Updated the log4J fix .