log4j dependency has critical vulnerability CVE-2021-44228

jenkinsci / thundra-foresight-plugin

MIT License

0 stars 3 forks source link

log4j dependency has critical vulnerability CVE-2021-44228 #3

Closed daniel-beck closed 2 years ago

daniel-beck commented 2 years ago

See https://issues.jenkins.io/browse/JENKINS-67353

Wadeck commented 2 years ago

⚠️ Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16. This one is less important but will still be detected by scanners and alert all users.