How to resolve log4j vulnerabilities

halkeye · January 21, 2022, 11:56pm

Jenkins doesn’t us log4j. Almost all plugins don’t use log4j and those that did were updated.

How to remedy the non existent situation? Update your core and plugins and file bugs if any remaining plugins still use it.

Topic		Replies	Views
Apache Log4j 2 vulnerability CVE-2021-44228 Blog & News	13	12326	January 22, 2022
Is Jenkins vulnerable to the log4j CVE-2021-44228 Ask a question	3	5871	December 10, 2021
Log4j getting downloaded even we have excluded from service Using Jenkins question	1	481	May 26, 2022
Job failures for unkown reasons Ask a question question	1	545	March 24, 2023
Mitigating CVE-2023-27898 XSS vulnerability in plugin manager and related Ask a question question , sig-security	1	712	March 16, 2023