jenkinsci / bootstraped-multi-test-results-report-plugin

The project offers the possibility to build test reports using Bootstrap components, offering rendering support on a wide range of devices.
https://plugins.jenkins.io/bootstraped-multi-test-results-report/
MIT License

Plugin is vulnerable to CVE-2021-4428 (log4j / log4shell) #101

Closed mbarbero closed 2 years ago

mbarbero commented 2 years ago

Running the commands from https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ marks Jenkins instances with the bootstraped-multi-test-results-report plugin as vulnerable. Please release a fixed version.

BogdanLivadariu commented 2 years ago

It will be fixed in the next version, as log4j will be upgraded to 2.15.0: https://github.com/web-innovate/bootstraped-multi-test-results-report/pull/100

jpralves commented 2 years ago

Upgrade to version 2.16.0

BogdanLivadariu commented 2 years ago

Will bump it to 2.17.0, @jpralves.

BogdanLivadariu commented 2 years ago

In the coming days, 2.2.0 will be released, and it will cover this vulnerability.

BogdanLivadariu commented 2 years ago

2.2.1 has just been released, which includes updating usage of log4j to 2.17.0.
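An added example, not part of the thread or the plugin's code: a check that lists the log4j-core jars bundled inside a plugin archive and flags any below 2.17.0, the version the thread ends on. It assumes the archive is a zip with its libraries under `WEB-INF/lib` and that jar file names carry the version; the function names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Threshold taken from the thread's last comment (plugin 2.2.1 ships log4j 2.17.0).
MIN_LOG4J = (2, 17, 0)
# Matches e.g. WEB-INF/lib/log4j-core-2.14.1.jar; log4j-api is deliberately ignored.
JAR_RE = re.compile(r"(?:^|/)log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")


def bundled_log4j_versions(plugin_bytes):
    """Return sorted (version_tuple, entry_name) for log4j-core jars in the archive."""
    found = []
    with zipfile.ZipFile(io.BytesIO(plugin_bytes)) as archive:
        for name in archive.namelist():
            match = JAR_RE.search(name)
            if match:
                version = tuple(int(part or 0) for part in match.groups())
                found.append((version, name))
    return sorted(found)


def audit_plugin(plugin_bytes, minimum=MIN_LOG4J):
    """Return the bundled log4j-core entries whose version is below `minimum`."""
    return [(v, n) for v, n in bundled_log4j_versions(plugin_bytes) if v < minimum]


def make_sample_plugin(log4j_version):
    """Constructed sample: an in-memory archive laid out like a plugin file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        archive.writestr(f"WEB-INF/lib/log4j-core-{log4j_version}.jar", b"")
        archive.writestr(f"WEB-INF/lib/log4j-api-{log4j_version}.jar", b"")
    return buf.getvalue()


if __name__ == "__main__":
    # The four versions named in the thread, oldest first.
    for version in ("2.14.1", "2.15.0", "2.16.0", "2.17.0"):
        stale = audit_plugin(make_sample_plugin(version))
        print(version, "needs upgrade" if stale else "ok", stale)
```

A file-name check like this misses log4j classes that were shaded or repackaged into another jar, so treat a clean result as a first pass rather than proof.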