Closed knoobie closed 1 year ago
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅
@yahavi I've updated build-info to a version that can handle Apache Maven 3.9.2. Currently this plugin is broken again.
SEVERITY | DIRECT DEPENDENCIES | DIRECT DEPENDENCIES VERSIONS | IMPACTED DEPENDENCY NAME | IMPACTED DEPENDENCY VERSION | FIXED VERSIONS | CVE |
---|---|---|---|---|---|---|
High |
org.jenkins-ci.plugins.workflow:workflow-multibranch | 2.17 | org.jenkins-ci.plugins.workflow:workflow-multibranch | 2.17 | [2.23.1] [2.26.1] [696.698.v9b4218eea50f] [707.v71c3f0a] |
CVE-2022-25175 |
Medium |
org.jenkins-ci.plugins:matrix-project | 1.18 | org.jenkins-ci.plugins:matrix-project | 1.18 | [1.18.1] [1.20] |
CVE-2022-20615 |
Medium |
org.jenkins-ci.plugins:mailer | 1.32.1 | org.jenkins-ci.plugins:mailer | 1.32.1 | [1.34.2] [408.vd726a] |
CVE-2022-20614 |
Medium |
org.jenkins-ci.plugins:mailer | 1.32.1 | org.jenkins-ci.plugins:mailer | 1.32.1 | [1.34.2] [408.vd726a] |
CVE-2022-20613 |
Medium |
org.jenkins-ci.plugins.workflow:workflow-multibranch | 2.17 | org.jenkins-ci.plugins.workflow:workflow-multibranch | 2.17 | [2.23.1] [2.26.1] [696.698.v9b4218eea50f] [707.v71c3f0a] |
CVE-2022-25179 |
You can close my PR and continue with your if that's easier for you to get done because of missing credentials as external contributor and so on - I'm just glad the topic got topic got picked up. 👌
Hi @knoobie, We have released Jenkins Artifactory plugin 3.18.4 with the fix. This version will be available in the Jenkins plugins center in a few hours. Please feel free to upgrade and provide us with your feedback.
[x] All static analysis checks passed.