Closed basil closed 1 year ago
SEVERITY | DIRECT DEPENDENCIES | DIRECT DEPENDENCIES VERSIONS | IMPACTED DEPENDENCY NAME | IMPACTED DEPENDENCY VERSION | FIXED VERSIONS | CVE |
---|---|---|---|---|---|---|
High | org.jenkins-ci.plugins:jackson2-api | 2.13.3-285.vc03c0256d517 | com.fasterxml.jackson.core:jackson-databind | 2.13.3 | [2.12.7.1] [2.13.4] | CVE-2022-42004 |
High | org.jenkins-ci.plugins:jackson2-api | 2.13.3-285.vc03c0256d517 | com.fasterxml.jackson.core:jackson-databind | 2.13.3 | [2.12.7.2] [2.13.4.1] [2.14.0] | CVE-2022-42003 |
This plugin is unnecessarily large in footprint: it bundles a large number of plugins that are either provided by core (and therefore loaded from core rather than this plugin's `WEB-INF/lib` directory) or library Jenkins plugins. For example, core bundles `symbol-annotation` already. See this page for more information. This PR implements dynamic linking and slims down this plugin's footprint: