Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67424

Checkmarx Plugin contains vulnerability in log4j-core version 2.16

      2.16 has been found to also contain vulnerabilities and requires an update to 2.17 (2.16 however is less vulnerable than 2.15).

       

      https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core

      2.17.x 2.17.0   Central 135 Dec, 2021
      2.16.x 2.16.0 1 vulnerability Central 636 Dec, 2021
      2.15.x 2.15.0 2 vulnerabilities Central 1,088 Dec, 2021

       

          [JENKINS-67424] Checkmarx Plugin contains vulnerability in log4j-core version 2.16

          Ian Williams added a comment - - edited

          Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0. Prior: Updated the log4J fix .

          Ian Williams added a comment - - edited Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0 . Prior: Updated the log4J fix .

          lkis01 added a comment -

          I'm referring to version 2.16.  It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch.  Thanks

          lkis01 added a comment - I'm referring to version 2.16.  It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch.  Thanks

          lkis01 added a comment -

          Issue resolved.  PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability.

          lkis01 added a comment - Issue resolved.  PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability.

            sergeyk Sergey Kadaner
            lkisac01 lkis01
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: