That's unrelated to Jenkins per se. This directory is the Maven cache, also called 'local repository'.
My theory is that you have one or more jobs that use Maven with default values. I suspect you even run these on the controller itself... Some of your job(s) build(s) software of yours that depends on a vulnerable version of log4j.

On Thu, Dec 16, 2021 at 19:15, [email protected] <[email protected]> wrote:

> Hi all. Getting popped by our security team for an old version of log4j.
> I've checked and we don't have any of the plugins installed identified by
> the following issue:
>
> https://issues.jenkins.io/browse/JENKINS-67353
>
> Here's the info from the scan:
>
> Plugin Output:
> Path :
> /opt/jenkins/.m2/repository/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.pom.sha1
> Installed version : 2.14.1
> Fixed version : 2.15.0
>
> Anyone have a clue on how I go about upgrading this?
>
> Thanks,
> Eric
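An added example, not part of the original thread: a Python audit of a Maven local repository that lists cached log4j-core versions older than the scan's fixed version (2.15.0) and reports whether a jar or only resolver metadata, such as the `.pom.sha1` file the scan matched, is cached. The function names and the sample tree are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 15, 0)  # "Fixed version" reported by the scan quoted in the thread
ARTIFACT = Path("org/apache/logging/log4j/log4j-core")  # groupId path + artifactId

def parse_version(name):
    """'2.14.1' -> (2, 14, 1); qualifiers such as '-beta9' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", name.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3]) if nums else None

def audit_local_repo(repo_root, fixed=FIXED):
    """List cached log4j-core versions older than `fixed` in a Maven local repository."""
    base = Path(repo_root) / ARTIFACT
    findings = []
    if not base.is_dir():
        return findings
    for vdir in sorted(p for p in base.iterdir() if p.is_dir()):
        version = parse_version(vdir.name)
        if version is None or version >= fixed:
            continue
        files = sorted(f.name for f in vdir.iterdir() if f.is_file())
        findings.append({
            "version": vdir.name,
            # Only a .jar is loadable code; .pom and .sha1 files are resolver metadata.
            "jar_cached": any(f.endswith(".jar") for f in files),
            "files": files,
        })
    return findings

def build_sample_repo(root):
    """Constructed sample tree (not real scan data) for trying the audit offline."""
    layout = {
        "2.13.3": ["log4j-core-2.13.3.jar", "log4j-core-2.13.3.pom"],
        "2.14.1": ["log4j-core-2.14.1.pom", "log4j-core-2.14.1.pom.sha1"],
        "2.15.0": ["log4j-core-2.15.0.jar"],
    }
    for version, names in layout.items():
        vdir = Path(root) / ARTIFACT / version
        vdir.mkdir(parents=True)
        for name in names:
            (vdir / name).write_text("constructed placeholder\n")

if __name__ == "__main__":
    repo = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".m2" / "repository"
    for f in audit_local_repo(repo):
        kind = "jar present" if f["jar_cached"] else "metadata only"
        print(f"log4j-core {f['version']}: {kind} ({', '.join(f['files'])})")
```

Pass the repository root from the scan output (`/opt/jenkins/.m2/repository`) as the first argument; with no argument it checks the current user's `~/.m2/repository`.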
