Hmmm, found this page: https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/
So I ran the script in the script console and got the error indicating that log4j is not included in any installed and enabled plugin. Anyone have a clue? Thanks, Eric On Thursday, December 16, 2021 at 11:15:25 AM UTC-7 [email protected] wrote: > Hi all. Getting popped by our security team for an old version of log4j. > I've checked and we don't have any of the plugins installed identified by > the following issue: > > https://issues.jenkins.io/browse/JENKINS-67353 > > Here's the info from the scan: > > Plugin Output: > Path : > /opt/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.pom.sha1 > Installed version : 2.14.1 > Fixed version : 2.15.0 > > Anyone have a clue on how I go about upgrading this? > > Thanks, > Eric > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/c7c21022-d446-451f-939c-adb4eb4eebden%40googlegroups.com.
