KanakamedalaSiri
commented
1 month ago @dhavalpateln Can you please help on updating vulnerable json dependency version to latest.
Open KanakamedalaSiri opened 1 month ago
KanakamedalaSiri
commented
1 month ago @dhavalpateln Can you please help on updating vulnerable json dependency version to latest.
jonesbusy
commented
1 month ago This plugin should not bundle this jar directly but use https://plugins.jenkins.io/json-api/ as dependency
MarkEWaite
commented
1 month ago @KanakamedalaSiri you can use the incremental build of the plugin with the fix for this issue. See the incrementals check for the details.
MarkEWaite
commented
1 month ago @KanakamedalaSiri will you share the results of your use of the incremental build of the plugin?
KanakamedalaSiri
commented
2 weeks ago @KanakamedalaSiri will you share the results of your use of the incremental build of the plugin?
Tested incremental build with our current Jenkins version of 2.462.1. All good in our case with description drop downs.
Previously few attributes like Div id and class are got removed which caused the dropdowns no longer work, now they are good with custom policy.
There is High vulnerability reported with current dependency version of json-20230618.jar. Please bump json-20230618.jar to json-20240303.jar.