Hmmm, found this page: https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/
So I ran the script in the script console and got the error indicating that log4j is not included in any installed and enabled plugin. Anyone have a clue? Thanks, Eric On Thursday, December 16, 2021 at 11:15:25 AM UTC-7 eric....@gmail.com wrote: > Hi all. Getting popped by our security team for an old version of log4j. > I've checked and we don't have any of the plugins installed identified by > the following issue: > > https://issues.jenkins.io/browse/JENKINS-67353 > > Here's the info from the scan: > > Plugin Output: > Path : > /opt/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.pom.sha1 > Installed version : 2.14.1 > Fixed version : 2.15.0 > > Anyone have a clue on how I go about upgrading this? > > Thanks, > Eric > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/c7c21022-d446-451f-939c-adb4eb4eebden%40googlegroups.com.
