is there any issue tracker for issues listed in https://jenkins.io/security/advisory/2017-04-10/

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

is there any issue tracker for issues listed in https://jenkins.io/security/advisory/2017-04-10/

Ted Xiao
I am a plugin develop, and I am fixing the issue SECURITY-496 SECURITY-479 , is there any issue tracker to update the status?
I tried https://issues.jenkins-ci.org/browse/SECURITY-496 but not work

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/3b1addf7-dcf1-4a6e-aca4-5fdda71247d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: is there any issue tracker for issues listed in https://jenkins.io/security/advisory/2017-04-10/

stephenconnolly
That is the correct URL 

I cannot recall what the policy is on making the SECURITY JIRA issues public. Currently that URL is only visible to the reporter and people on the cert list

On Sun 16 Apr 2017 at 15:01, Ted Xiao <[hidden email]> wrote:
I am a plugin develop, and I am fixing the issue SECURITY-496 SECURITY-479 , is there any issue tracker to update the status?

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/3b1addf7-dcf1-4a6e-aca4-5fdda71247d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Sent from my phone

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CA%2BnPnMy1xq6_cz5Cr62D%3DkMtAXByP2NLr%3DVZ-JP%2BOPuWR8a-zw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: is there any issue tracker for issues listed in https://jenkins.io/security/advisory/2017-04-10/

Daniel Beck
In reply to this post by Ted Xiao

> On 16.04.2017, at 16:01, Ted Xiao <[hidden email]> wrote:
>
> I am a plugin develop, and I am fixing the issue SECURITY-496 SECURITY-479 , is there any issue tracker to update the status?
> I tried https://issues.jenkins-ci.org/browse/SECURITY-496 but not work

Hi Ted,

what's your Jira user name? This is the first (and hopefully last) time we had to publish an advisory before even assigning to plugin maintainers, but I can still do that now. The issue would remain private however.

If you prefer to track progress of your fix publicly (so plugin users can see it), just file a new issue and mention that it relates to SECURITY-496.

Daniel

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/2A1F77CE-E8B8-4872-B112-9732F00792F3%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: is there any issue tracker for issues listed in https://jenkins.io/security/advisory/2017-04-10/

Ted Xiao
my jira account is fengxx, I made some changes and introduced SecureGroovyScript for new installment, hope it can mitigate the security issue. 
A new version is published, hope get some review from security experts , and to check is there any other issue to fix.

On Monday, April 17, 2017 at 5:19:53 AM UTC+8, Daniel Beck wrote:

> On 16.04.2017, at 16:01, Ted Xiao <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="B-MHEkW4AQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">xia...@...> wrote:
>
> I am a plugin develop, and I am fixing the issue SECURITY-496 SECURITY-479 , is there any issue tracker to update the status?
> I tried <a href="https://issues.jenkins-ci.org/browse/SECURITY-496" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FSECURITY-496\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGR161Jmon1tqPz1Un_EWQhAgJBkQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fissues.jenkins-ci.org%2Fbrowse%2FSECURITY-496\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGR161Jmon1tqPz1Un_EWQhAgJBkQ&#39;;return true;">https://issues.jenkins-ci.org/browse/SECURITY-496 but not work

Hi Ted,

what's your Jira user name? This is the first (and hopefully last) time we had to publish an advisory before even assigning to plugin maintainers, but I can still do that now. The issue would remain private however.

If you prefer to track progress of your fix publicly (so plugin users can see it), just file a new issue and mention that it relates to SECURITY-496.

Daniel

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ecb87dec-d8ae-4268-a3e9-b7ef3750186d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...