Hervé is a site reliability engineer working on the Jenkins project infrastructure.
A critical security vulnerability has been identified in the popular "Apache Log4j 2" library.
This vulnerability is identified as CVE-2021-44228.
Log4j in Jenkins
The Jenkins security team has confirmed that Log4j is not used in Jenkins core.
Jenkins plugins may be using Log4j.
You can identify whether Log4j is included with any plugin by running the following Groovy script in the Script Console:
If this results in the following error,...