Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log4j in ghprb? #825

Open
KristianWindsor opened this issue Dec 17, 2021 · 1 comment
Open

Log4j in ghprb? #825

KristianWindsor opened this issue Dec 17, 2021 · 1 comment
Labels
bug

Comments

@KristianWindsor
Copy link

Hi, sorry this isn't a "real" bug, but it is cause for concern.

I ran the bash script from the log4j_checker_beta repo and it reported that one of the jar files from this plugin contains log4j files:

[WARNING] /var/lib/jenkins/plugins/ghprb/WEB-INF/lib/groovy-all-2.4.11.jar contains log4j files

However I ran the groovy snippet from this jenkins blog post and it reported that no plugins are using log4j.

My guess is that there is no log4j here, but I want to be totally sure of this. Can anyone confirm or help me understand what I'm seeing?

Thank you

My environment:

Jenkins: 2.303.2
OS: Linux - 4.14.243-185.433.amzn2.x86_64
ghprb:1.42.2
@bjoernhaeuser
Copy link
Contributor

Hi there,

I was checking the repo, but I cannot find any trace of log4j. Also nothing in the mentioned .jar file. Can you try to get more information out of this tool please you are using?

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bjoernhaeuser @KristianWindsor