Log4j Vulnerability (CVE-2021-44228) in Maven plugins

Hi,

While investigating if the Maven plugins we use for configuring and deploying Apigee (https://github.com/apigee/apigee-config-maven-plugin and https://github.com/apigee/apigee-deploy-maven-plugin) are impacted by the CVE-2021-44228 Log4j vulnerability (https://www.lunasec.io/docs/blog/log4j-zero-day/), we found out that they are not affected (the affected versions are >=2.0-beta9 and <=2.14.1).

However, the problem is that these plugins use version 1.2.17 which is End of Life (it is not maintained anymore) and has other security vulnerabilities that will not be fixed anymore.

Can these plugins be updated to reference the latest version of Log4j (2.15.0)?

Thank you in advance!
