atlassian / bamboo-maven-version-variable-updater-plugin / issues / #13 - Log4 Vulnerable — Bitbucket

Issue #13 resolved

Neeraj Bhatia created an issue 2021-12-15

Hi Support team,

We are using ‘Variable Tasks’ for bamboo plugin in our organization. Could you please confirm if its vulnerable to Log4j vulnerability CVE-2021-44228?

‌

Thanks,

Neeraj

Comments (2)

Michael Knight

This plugin is not inherently vulnerable as it uses log4j 1.x (CVE-2021-44228 indicates only versions Log4j2 2.0-beta9 and higher is affected).

$ mvn help:effective-pom | grep -A2 -B2 log4j
      <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
        <version>1.7.10</version>
      </dependency>

‌

2021-12-15T23:22:16+00:00

Michael Knight
- changed status to resolved
- 2021-12-15T23:23:11+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1