Closed ChadDevOps closed 2 years ago
@ChadDevOps Do you mind to update to 2.17.0 to react on CVE-2021-45105 with that PR as well?
@ChadDevOps Do you mind to update to 2.17.0 to react on CVE-2021-45105 with that PR as well?
Thanks, updated to 2.17.0. Tested on SQ 8.9.1. Looks good.
Tenable reports that log4j-core-2.10.0 has a critical exploit. Updated to latest version 2.16.0. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Example of reported location:
Path : /root/.sonar/cache/6b2322bbcb852460079e724f7f542715f/sonar-mulevalidationsonarqubepluginmule-plugin.jar_unzip/META-INF/lib/log4j-core-2.10.0.jar Installed version : 2.10.0 Fixed version : 2.15.0