Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[ee4j-build] [CVE-2021-4428] JakartaEE-TCK Jenkins instance


The recently announced 0day vulnerability in Log4j [1] (aka  CVE-2021-44228 [2]) is extremely serious. 

While reviewing the various services the Eclipse Foundation provides, we've identified that the JakartaEE-TCK Jenkins instance was vulnerable because of the plugin bootstraped-multi-test-results-report. We uninstalled the plugin and the instance is safe. We won't re-install the plugin until it has been fixed upstream. We've already reported the issue [3]. 

Thanks for you understanding.

Mikaël Barbero 
Manager — Release Engineering and Technology | Eclipse Foundation
🐦 @mikbarbero
Eclipse Foundation: The Platform for Open Innovation and Collaboration

Attachment: signature.asc
Description: Message signed with OpenPGP

Back to the top