Artifact deployer plugin security issues fixed but warnings remain

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Artifact deployer plugin security issues fixed but warnings remain

Franck Gilliers
Hi,

I have to update plugin artifact deployer on site, but warnings on security vulnerabilities prevent this task.

Sean, the maintener of the plugin does not seem to know how to remove this warning, although he updated the plugin to version 1.2 and fixed these issues.

Please could you update related information or give the entry point to update this information ?

Best regards
Franck

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/003c9ca0-d128-4856-8371-8645160466c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Artifact deployer plugin security issues fixed but warnings remain

Arnaud Tamaillon
Hi,

The warnings are managed through the https://github.com/jenkins-infra/backend-update-center2 repository.
So a PR has to be filled to removed the warnings, most probably to modify the pattern of vulnerable versions here: https://github.com/jenkins-infra/backend-update-center2/blob/master/src/main/resources/warnings.json#L349

Regards,

Arnaud


Le vendredi 22 décembre 2017 16:51:09 UTC+1, Franck Gilliers a écrit :
Hi,

I have to update plugin <a href="https://wiki.jenkins.io/display/JENKINS/ArtifactDeployer+Plugin" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins.io%2Fdisplay%2FJENKINS%2FArtifactDeployer%2BPlugin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGDEl1-uEmAr-l2Uay3XYe8ej2DtA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins.io%2Fdisplay%2FJENKINS%2FArtifactDeployer%2BPlugin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGDEl1-uEmAr-l2Uay3XYe8ej2DtA&#39;;return true;">artifact deployer on site, but warnings on security vulnerabilities prevent this task.

Sean, the maintener of the plugin does not seem to know how to remove this warning, although he updated the plugin to version 1.2 and fixed these issues.

Please could you update related information or give the entry point to update this information ?

Best regards
Franck

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/94af1ce8-bc9d-4b24-8c45-1c761c1a4055%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Artifact deployer plugin security issues fixed but warnings remain

Franck Gilliers
Thanks Arnaud,

the PR was merged, I do not have anymore a warning on the Jenkins administrative console.
Next step: I need to update the wiki to remove the warnings (they are fixed)

The warnings are provided by the Confluence macro {jenkins-plugin-info:artifactdeployer}
So How can I update this jenkins-plugin-info ?


--
Franck

On Saturday, December 23, 2017 at 11:01:15 AM UTC+1, Arnaud Tamaillon wrote:
Hi,

The warnings are managed through the <a href="https://github.com/jenkins-infra/backend-update-center2" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkins-infra%2Fbackend-update-center2\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH5ybntH5dWBFRBN31oSE3jQyRLjw&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkins-infra%2Fbackend-update-center2\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH5ybntH5dWBFRBN31oSE3jQyRLjw&#39;;return true;">https://github.com/jenkins-infra/backend-update-center2 repository.
So a PR has to be filled to removed the warnings, most probably to modify the pattern of vulnerable versions here: <a href="https://github.com/jenkins-infra/backend-update-center2/blob/master/src/main/resources/warnings.json#L349" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkins-infra%2Fbackend-update-center2%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fresources%2Fwarnings.json%23L349\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGRXvuHKPMu-47uPzuaNd5h_q-dbA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkins-infra%2Fbackend-update-center2%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fresources%2Fwarnings.json%23L349\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGRXvuHKPMu-47uPzuaNd5h_q-dbA&#39;;return true;">https://github.com/jenkins-infra/backend-update-center2/blob/master/src/main/resources/warnings.json#L349

Regards,

Arnaud


Le vendredi 22 décembre 2017 16:51:09 UTC+1, Franck Gilliers a écrit :
Hi,

I have to update plugin <a href="https://wiki.jenkins.io/display/JENKINS/ArtifactDeployer+Plugin" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins.io%2Fdisplay%2FJENKINS%2FArtifactDeployer%2BPlugin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGDEl1-uEmAr-l2Uay3XYe8ej2DtA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins.io%2Fdisplay%2FJENKINS%2FArtifactDeployer%2BPlugin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGDEl1-uEmAr-l2Uay3XYe8ej2DtA&#39;;return true;">artifact deployer on site, but warnings on security vulnerabilities prevent this task.

Sean, the maintener of the plugin does not seem to know how to remove this warning, although he updated the plugin to version 1.2 and fixed these issues.

Please could you update related information or give the entry point to update this information ?

Best regards
Franck

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/66c84208-819a-4d77-9492-36297a35c53d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Artifact deployer plugin security issues fixed but warnings remain

Daniel Beck

> On 25. Jan 2018, at 10:02, Franck Gilliers <[hidden email]> wrote:
>
> the PR was merged, I do not have anymore a warning on the Jenkins administrative console.
> Next step: I need to update the wiki to remove the warnings (they are fixed)

Caches be caching.

https://wiki.jenkins.io/display/JENKINS/ArtifactDeployer+Plugin?nocache

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/F4F6034C-B05E-46D5-A80D-BA1063450AE6%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.