jenkinsci / audit-log-plugin

Audit logging plugin for Jenkins based on Apache Log4j Audit
https://plugins.jenkins.io/audit-log/
MIT License

New plugin release with log4j v2.17.1 #88

Status: Open. DemiurgeKH3 opened this issue 2 years ago

DemiurgeKH3 commented 2 years ago

Hello, is it possible to generate a new version of the audit-log plugin which uses log4j v2.17.1, because of this CVE: CVE-2021-45105?

jvz commented 2 years ago

@daniel-beck can you use your superpowers again? I haven't gotten around to enabling CD here yet.

daniel-beck commented 2 years ago

Sorry, that's quite a bit of hassle to not mess up accidentally, and IIUC the new vulnerability is far less severe (and in fact fairly unlikely to be exploitable anywhere). I think you're just a password reset away from being able to release yourself?

jvz commented 2 years ago

I already reset my password. Back when I tried to release from Maven, I got 403 errors or something like that. I could try again at some point, though. And you're right, the latest CVEs aren't even really applicable to this plugin.

daniel-beck commented 2 years ago

If a snapshot deploy works, authentication works. What's left is confirming coordinates and user name in https://github.com/jenkins-infra/repository-permissions-updater/blob/master/permissions/plugin-audit-log.yml are correct (and a mismatch in the former wouldn't allow CD either).

DemiurgeKH3 commented 2 years ago

Any news on the release of the version of audit log?

DemiurgeKH3 commented 2 years ago

@daniel-beck @jvz Any news on the release of the version of audit log?

jvz commented 2 years ago

I haven't had a chance to reset my deployment settings yet.

sunilkhokalay commented 2 years ago

I'm waiting too :) https://github.com/jenkinsci/audit-log-plugin/pull/87/commits/37efd33bb1af9f836c56c18f4388b3ebbcdc6774

smarlaku820 commented 2 years ago

Hi, any idea when this is going to get fixed?

DemiurgeKH3 commented 1 year ago

@daniel-beck @jvz any news about that ticket? When a Nessus scan is done on a machine where Jenkins is installed with this plugin, an error is raised because the plugin uses log4j v2.16.0. v2.17.1 is needed now.
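Added example, not part of this thread or of the audit-log plugin's own code: a small checker that inspects a Jenkins plugin archive (`.hpi`/`.jpi`, which is a ZIP file) and reports any bundled `log4j-*` jars below a required version, so an administrator can confirm on their own controller which log4j the installed plugin ships instead of waiting for a scanner to flag it. It assumes the usual Jenkins plugin layout where bundled libraries sit under `WEB-INF/lib/` and are named `artifact-version.jar`; the sample archive it builds is constructed in the script and is not a real plugin.

```python
"""Report which log4j jars a Jenkins plugin archive bundles and whether they
meet a minimum version (added example; assumes the WEB-INF/lib/ layout)."""
import io
import re
import sys
import zipfile

# Bundled libraries in a Jenkins plugin live under WEB-INF/lib/ and are
# conventionally named <artifact>-<version>.jar, e.g. log4j-core-2.16.0.jar.
LOG4J_JAR = re.compile(r"^WEB-INF/lib/(log4j-[a-z0-9-]+?)-(\d+(?:\.\d+)+)\.jar$")


def parse_version(version):
    """Turn '2.17.1' into (2, 17, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def bundled_log4j(hpi_bytes):
    """Return {artifact: version} for every log4j jar found in the archive."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(hpi_bytes)) as archive:
        for name in archive.namelist():
            match = LOG4J_JAR.match(name)
            if match:
                found[match.group(1)] = match.group(2)
    return found


def outdated_log4j(hpi_bytes, minimum="2.17.1"):
    """Return only the log4j artifacts whose version is below `minimum`."""
    floor = parse_version(minimum)
    return {artifact: version
            for artifact, version in bundled_log4j(hpi_bytes).items()
            if parse_version(version) < floor}


def build_sample_hpi(log4j_version):
    """Constructed sample archive that mimics a plugin layout (not a real plugin)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nShort-Name: sample\n")
        archive.writestr(f"WEB-INF/lib/log4j-core-{log4j_version}.jar", b"")
        archive.writestr(f"WEB-INF/lib/log4j-api-{log4j_version}.jar", b"")
        archive.writestr("WEB-INF/lib/unrelated-1.0.jar", b"")  # must be ignored
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python check_log4j.py /var/lib/jenkins/plugins/audit-log.jpi [minimum]
    # With no path given, the constructed 2.16.0 sample is checked instead.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_hpi("2.16.0")
    floor = sys.argv[2] if len(sys.argv) > 2 else "2.17.1"
    stale = outdated_log4j(data, floor)
    for artifact, version in sorted(bundled_log4j(data).items()):
        flag = "BELOW MINIMUM" if artifact in stale else "ok"
        print(f"{artifact} {version}: {flag}")
    sys.exit(1 if stale else 0)
```

The script exits non-zero when any bundled log4j jar is older than the minimum, so it can sit in a cron job or a configuration check alongside the scanner rather than replacing it; versions are compared as integer tuples, so 2.16.0 correctly sorts below 2.17.1.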

amrithdas commented 8 months ago

Waiting for this update.