jenkinsci / ghprb-plugin

github pull requests builder plugin for Jenkins
https://plugins.jenkins.io/ghprb/
MIT License
498 stars 606 forks

Log4j in ghprb? #825

Open KristianWindsor opened 2 years ago

KristianWindsor commented 2 years ago

Hi, sorry this isn't a "real" bug, but it is cause for concern.

I ran the bash script from the log4j_checker_beta repo and it reported that one of the jar files from this plugin contains log4j files:

[WARNING] /var/lib/jenkins/plugins/ghprb/WEB-INF/lib/groovy-all-2.4.11.jar contains log4j files

However, I ran the Groovy snippet from this Jenkins blog post and it reported that no plugins are using log4j.

My guess is that there is no log4j here, but I want to be totally sure of this. Can anyone confirm or help me understand what I'm seeing?

Thank you

My environment:

Jenkins: 2.303.2
OS: Linux - 4.14.243-185.433.amzn2.x86_64
ghprb: 1.42.2

bjoernhaeuser commented 2 years ago

Hi there,

I was checking the repo, but I cannot find any trace of log4j. Also nothing in the mentioned .jar file. Can you please try to get more information out of the tool you are using?

Thanks.
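One way to get the per-entry detail asked for above, as an added example that is not part of the thread, the plugin, or the checker script: it lists every archive entry whose path mentions "log4j" and separately reports whether the log4j-core `JndiLookup` class is present, descending into nested archives. The function names and the sample jars are constructed for illustration.

```python
import io
import zipfile

# Class file that ships in log4j-core 2.x; used here as a marker that the library is bundled.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".hpi", ".jpi", ".zip")


def scan_archive(data, label="<archive>"):
    """Return (name_matches, jndi_hits) for an archive given as bytes.

    name_matches: every entry whose path mentions "log4j" (what a name-based
    checker reacts to). jndi_hits: entries that are the JndiLookup class.
    Nested archives are opened recursively; paths are joined with "!".
    """
    name_matches, jndi_hits = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{label}!{info.filename}"
            if "log4j" in info.filename.lower():
                name_matches.append(path)
            if info.filename.endswith(JNDI_LOOKUP):
                jndi_hits.append(path)
            if info.filename.lower().endswith(ARCHIVE_SUFFIXES):
                try:
                    inner_names, inner_jndi = scan_archive(zf.read(info), path)
                except zipfile.BadZipFile:
                    continue  # not a real archive despite the suffix
                name_matches += inner_names
                jndi_hits += inner_jndi
    return name_matches, jndi_hits


def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not the contents of any real jar.
    name_only = make_jar({"example/logging/Log4j.class": b"", "example/Main.class": b""})
    bundled = make_jar({"WEB-INF/lib/inner.jar": make_jar({JNDI_LOOKUP: b""})})
    for label, jar in (("name_only.jar", name_only), ("bundled.hpi", bundled)):
        names, jndi = scan_archive(jar, label)
        print(label, "name matches:", names, "JndiLookup:", jndi)
```

To scan a file on disk, pass its bytes, for example `scan_archive(open(path, "rb").read(), path)`.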