Re: Log4j CVE-2021-44228

2021-12-17 Thread eric....@gmail.com
OK, so this isn't going so hot. There is no .m2/settings.xml file. There are settings.xml for each of the Maven versions under ~/tools/hudson.tasks.Maven_MavenInstallation/Maven-X.X/conf. This has the "localRepository" node but it's commented out. Should I set the value "/var/lib/jenkins/.m

Re: Log4j CVE-2021-44228

2021-12-17 Thread eric....@gmail.com
Thanks, deleted it for short term solution and looking into the "Even Better" solution at your link. Much appreciated! On Friday, December 17, 2021 at 4:12:50 AM UTC-7 bma...@gmail.com wrote: > Yeah you can definitely wipe out this whole tree. > > I wrote an eternity ago about this: > > > htt

Re: Log4j CVE-2021-44228

2021-12-17 Thread Baptiste Mathus
Yeah you can definitely wipe out this whole tree. I wrote an eternity ago about this: https://batmat.net/2009/10/09/hudson-how-to-set-a-private-maven-repository-by-job-and-easily-be-able-to-delete-them/ Some of it is a bit old but the principles remain true today: you _should_ even do it on a r

Re: Log4j CVE-2021-44228

2021-12-16 Thread eric....@gmail.com
Thanks a ton, great cud to chew on! Now I think I know the culprit and it's been deprecated. Guessing I can just delete that log4j directory and be done with it. On Thursday, December 16, 2021 at 1:12:28 PM UTC-7 nhoj.p...@gmail.com wrote: > I would exclude /opt/jenkins/.m2/repository from a

Re: Log4j CVE-2021-44228

2021-12-16 Thread John Patrick
I would exclude /opt/jenkins/.m2/repository from any scans; as already mentioned, that is the local Maven cache. Also, if you don't maintain that, it will grow and grow. Personally I update build jobs so they each have their own Maven cache using -Dmaven.repo.local=mvn-repo, then delete that after you

Re: Log4j CVE-2021-44228

2021-12-16 Thread Baptiste Mathus
That's unrelated to Jenkins per se. This directory is the Maven cache, also called the 'local repository'. My theory is that you have one or more jobs that use Maven with default values. I suspect you even run these on the controller itself... Some of your job(s) build(s) software of yours that depen

Re: Log4j CVE-2021-44228

2021-12-16 Thread eric....@gmail.com
Hmmm, found this page: https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ So I ran the script in the script console and got the error indicating that log4j is not included in any installed and enabled plugin. Anyone have a clue? Thanks, Eric On Thursday, December 16, 2021 at 1

Log4j CVE-2021-44228

2021-12-16 Thread eric....@gmail.com
Hi all. Getting popped by our security team for an old version of log4j. I've checked and we don't have any of the plugins installed identified by the following issue: https://issues.jenkins.io/browse/JENKINS-67353 Here's the info from the scan: Plugin Output: Path : /opt/je