-
Bug
-
Resolution: Fixed
-
Major
2.16 has been found to also contain vulnerabilities and requires an update to 2.17 (2.16 however is less vulnerable than 2.15).
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core
| 2.17.x | 2.17.0 | Central | 135 | Dec, 2021 | |
| 2.16.x | 2.16.0 | 1 vulnerability | Central | 636 | Dec, 2021 |
| 2.15.x | 2.15.0 | 2 vulnerabilities | Central | 1,088 | Dec, 2021 |
- is related to
-
JENKINS-67353
log4j CVE-2021-44228 and CVE-2021-45046 in Jenkins
-
- Open
-
- links to
[JENKINS-67424] Checkmarx Plugin contains vulnerability in log4j-core version 2.16
lkis01
created issue -
lkis01
made changes -
| Issue Type | Original: Task [ 3 ] | New: Bug [ 1 ] |
Ian Williams
made changes -
| Link | New: This issue is related to JENKINS-67353 [ JENKINS-67353 ] |
Ian Williams
made changes -
| Remote Link | New: This issue links to " Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0 #85 (Web Link)" [ 27313 ] |
lkis01
added a comment - I'm referring to version 2.16. It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch. Thanks
lkis01
added a comment - I'm referring to version 2.16. It looks like they have addressed in PR #85, so I will wait until they have merged it into the next patch. Thanks lkis01
added a comment - Issue resolved. PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability.
lkis01
added a comment - Issue resolved. PR #85 was merged and plugin updated to version 2022.1.2 to address this vulnerability. lkis01
made changes -
| Released As | New: https://plugins.jenkins.io/checkmarx/#releases | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
| Labels | New: jcabot:001 |
| Labels | Original: jcabot:001 | New: jcabot:001 jcabot:002 |
Not sure what you are referring to or what version specifically, but seems to have been addressed, but not released: PR#85: Log4j 2.16.0 is not sufficient. Upgrading to 2.17.0. Prior: Updated the log4J fix .