mulesoft-catalyst / mule-sonarqube-plugin

The Mule SonarQube Plugin provides the capability to inspect code and collect project metrics from a Mule project using SonarQube.
The Unlicense
46 stars 68 forks

Updated log4j-slf4j-impl to 2.17.0. #36

Closed ChadDevOps closed 2 years ago

ChadDevOps commented 2 years ago

Tenable reports that log4j-core-2.10.0 has a critical exploit. Updated to latest version 2.16.0. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Example of reported location:

Path : /root/.sonar/cache/6b2322bbcb852460079e724f7f542715f/sonar-mulevalidationsonarqubepluginmule-plugin.jar_unzip/META-INF/lib/log4j-core-2.10.0.jar
Installed version : 2.10.0
Fixed version : 2.15.0
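The scanner finding above is version-based: it reads the version out of the jar file name and compares it with the fixed version. The script below is an added example (not part of this PR or the plugin's code) that reproduces that kind of check over a list of jar paths, so a maintainer can confirm what a version-based scanner will flag before and after a dependency bump. It assumes the log4j 2.x naming convention `log4j-<module>-<version>.jar`; the sample paths are constructed for the example, apart from the one reported in the PR, and the 2.17.0 threshold is the version this PR upgrades to.

```python
import re
from pathlib import PurePosixPath

# Threshold used by the example: the version this PR moves log4j to.
FIXED_VERSION = "2.17.0"

# Matches log4j 2.x jar names such as log4j-core-2.10.0.jar or
# log4j-slf4j-impl-2.17.0.jar (artifact, then dotted numeric version).
JAR_RE = re.compile(
    r"^(?P<artifact>log4j-[a-z0-9-]+?)-(?P<version>\d+(?:\.\d+)*)\.jar$"
)


def parse_version(version: str) -> tuple:
    """Turn '2.10.0' into (2, 10, 0) so that 2.10.0 > 2.9.0 compares correctly.

    A plain string comparison would get this wrong ('2.10.0' < '2.9.0').
    """
    return tuple(int(part) for part in version.split("."))


def parse_jar_name(path: str):
    """Return (artifact, version) for a log4j 2.x jar path, or None otherwise."""
    match = JAR_RE.match(PurePosixPath(path).name)
    if match is None:
        return None
    return match.group("artifact"), match.group("version")


def find_outdated(paths, artifacts=("log4j-core",), fixed=FIXED_VERSION):
    """List jars of the given artifacts whose file-name version is below `fixed`.

    Like the scanner output quoted in the PR, this only looks at the
    self-reported version in the file name; it does not inspect the jar contents.
    """
    findings = []
    for path in paths:
        parsed = parse_jar_name(path)
        if parsed is None:
            continue
        artifact, version = parsed
        if artifact in artifacts and parse_version(version) < parse_version(fixed):
            findings.append(
                {"path": path, "artifact": artifact, "installed": version, "fixed": fixed}
            )
    return findings


# Constructed sample inventory: the first path is the one reported in the PR,
# the rest are made up for this example.
SAMPLE_PATHS = [
    "/root/.sonar/cache/6b2322bbcb852460079e724f7f542715f/"
    "sonar-mulevalidationsonarqubepluginmule-plugin.jar_unzip/META-INF/lib/log4j-core-2.10.0.jar",
    "/opt/app/lib/log4j-core-2.17.0.jar",
    "/opt/app/lib/log4j-api-2.10.0.jar",
    "/opt/app/lib/log4j-slf4j-impl-2.16.0.jar",
    "/opt/app/lib/commons-io-2.11.0.jar",
]


if __name__ == "__main__":
    for finding in find_outdated(SAMPLE_PATHS):
        print(
            f"{finding['artifact']} {finding['installed']} < {finding['fixed']}: "
            f"{finding['path']}"
        )
```

By default only `log4j-core` is checked, which mirrors the scanner finding in the PR; pass `artifacts=("log4j-core", "log4j-slf4j-impl")` to also flag the binding this PR updates.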

Stift commented 2 years ago

@ChadDevOps Do you mind updating to 2.17.0 to react to CVE-2021-45105 with that PR as well?

ChadDevOps commented 2 years ago

@ChadDevOps Do you mind updating to 2.17.0 to react to CVE-2021-45105 with that PR as well?

Thanks, updated to 2.17.0. Tested on SQ 8.9.1. Looks good.