log4j 2.16.0 dependency has vulnerability CVE-2021-45105 #57
Assignees
Labels
bug
Something isn't working
Comments
|
Hi João, Yes, we are aware of this new vulnerability. We plan to deploy a new version of the plugin still this week. I think the whole Java community would appreciate it if no more vulnerabilities in log4j were found...let's hope so... |
Russell616
pushed a commit
that referenced
this issue
Dec 20, 2021
Russell616
added a commit
that referenced
this issue
Dec 20, 2021
#57 XRAYJENKINS-132 Bump version of log4j version to 2.17.0
|
I just released the xray-connector 2.5.3, using log4j 2.17.0. Please note that it will take a few minutes until you can see the new version in your Jenkins instance. |
|
Thanks a lot, once again @Russell616 ! |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please see:
https://issues.jenkins.io/browse/JENKINS-67353?focusedCommentId=417215&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-417215
https://snyk.io/blog/log4j-2-16-vulnerability-cve-2021-45105-discovered/
Also refer to previous issue #53
The text was updated successfully, but these errors were encountered: