That's unrelated to Jenkins per se. This directory is the maven cache, also called 'local repository'.
My theory is that you have a job or more that uses maven with default values. I suspect you even run these on the controller itself... Some of your job(s) build(s) a software of yours that depends on a vulnerable version of log4j. Le jeu. 16 déc. 2021 à 19:15, eric....@gmail.com <eric.fet...@gmail.com> a écrit : > Hi all. Getting popped by our security team for an old version of log4j. > I've checked and we don't have any of the plugins installed identified by > the following issue: > > https://issues.jenkins.io/browse/JENKINS-67353 > > Here's the info from the scan: > > Plugin Output: > Path : > /opt/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.pom.sha1 > Installed version : 2.14.1 > Fixed version : 2.15.0 > > Anyone have a clue on how I go about upgrading this? > > Thanks, > Eric > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/0e0194bf-3090-43e1-92d2-be3789365ae5n%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/0e0194bf-3090-43e1-92d2-be3789365ae5n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7PpCx6a9J__vv7G-oYC0ssUbZbW%2Ba8_bWsS0_Na-6dyw%40mail.gmail.com.
