Release plugin XSS vulnerability - alternatives?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Release plugin XSS vulnerability - alternatives?

David Hearn

Hi

 

Jenkins is reporting that the Release plugin (https://plugins.jenkins.io/release/) has a Stored XSS vulnerability (https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-1928) meaning it may not be safe to use.  Given this plugin appears to have not been updated in 2 years, I’m not expecting any imminent security fixes.

 

Can anyone recommend any alternative plugins or methods to replicate what this plugin does?  Some of the particularly useful bits were input parameters for a release build – both dynamic and choices from a list, but I’m sure there’s other things which it made easier as well.

 

Thanks

 

David

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5468593c0fff4297986f275fbbf87af6%40Exchange13.consulthyperion.com.