jenkinsci / xray-connector-plugin

Xray Test Management Connector for Jenkins
https://plugins.jenkins.io/xray-connector/
MIT License

log4j 2.16.0 dependency has vulnerability CVE-2021-45105 #57

Closed joaocfernandes closed 2 years ago

joaocfernandes commented 2 years ago

Please see:

https://issues.jenkins.io/browse/JENKINS-67353?focusedCommentId=417215&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-417215

https://snyk.io/blog/log4j-2-16-vulnerability-cve-2021-45105-discovered/

Also refer to previous issue https://github.com/jenkinsci/xray-connector-plugin/issues/53

Russell616 commented 2 years ago

Hi João,

Yes, we are aware of this new vulnerability. We plan to deploy a new version of the plugin this week.

I think the whole Java community would appreciate it if no more vulnerabilities in log4j were found... let's hope so...

Russell616 commented 2 years ago

I just released the xray-connector 2.5.3, using log4j 2.17.0. Please note that it will take a few minutes until you can see the new version in your Jenkins instance.

joaocfernandes commented 2 years ago

Thanks a lot, once again @Russell616!