  1. Hippo CMS
  2. CMS-15119

Upgrade the repository checker to include latest 3rd party security patches


Details

    • Bug
    • Status: Closed
    • High
    • Resolution: Fixed
    • None
    • checker-2.6.0
    • None
    • None
    • Pulsar
    • Pulsar 294 - Cycle 6-1, Pulsar 295 - Cycle 6-2

    Description

      [original title:] Are there any security issues with log4jshell V2.16.0 in hippo-addon-checker?

      Is “hippo-addon-checker.jar” vulnerable to log4jshell V2.16.0 and, if so, how do we mitigate this problem?

      You can see the client request here: 
      "The add-on checker v.2.5.0 uses Log4J Core V2.16.0 that has vulnerabilities that can be found here:
      https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.16.0

      Is there any possibility to update to version 2.17.1 at least, preferably 2.17.2?"

       


            People

              Assignee: Unassigned
              Reporter: Deniz Ergun (deniz.ergun)