log4j CVE-2021-44228 vulnerability

88 views

Skip to first unread message

Pranav Joshi

unread,

Dec 13, 2021, 7:50:12 AM12/13/21

to go-cd

Hi Team,

We are currently using gocd version of 20.6.0 and we found that it has a vulnerability log4j CVE-2021-44228. And the latest release v21.3.0 has been updated with log4j-over-slf4j but even the vulnerability still exists . How can we patch this from our side in both versions ? When can we expect GoCD releasing fix for this?

Note: We are using gocd on AWS EKS v1.19 with gocd provided wrapper scripts.

Thanks,

Pranav Joshi

DevOps Engineer

Aravind SV

unread,

Dec 13, 2021, 10:00:49 AM12/13/21

to go-cd

Wanted to redirect others coming across this to the other thread: https://groups.google.com/g/go-cd/c/d-uA9v760Bg/m/VAWsMPCCCwAJ

Reply all

Reply to author

Forward

0 new messages