nodejs / build

Better build and test infra for Node.

Jenkins security advisory 2023-03-21 #3244

Closed richardlau closed 7 months ago

richardlau commented 1 year ago

Refs: https://groups.google.com/g/jenkinsci-advisories/c/rjgqcnVL9Ww/m/H0BTQyzRFAAJ

The following Jenkins plugin updates contain fixes for security vulnerabilities:

  • JaCoCo Plugin 3.3.2.1
  • OctoPerf Load Testing Plugin 4.5.1, 4.5.2, and 4.5.3
  • Pipeline Aggregator View Plugin 1.14
  • Role-based Authorization Strategy Plugin 587.588.v850a_20a_30162

Additionally, we announce unresolved security issues in the following plugins:

  • AbsInt a³ Plugin
  • Convert To Pipeline Plugin
  • Cppcheck Plugin
  • Crap4J Plugin
  • Mashup Portlets Plugin
  • Performance Publisher Plugin
  • Phabricator Differential Plugin
  • remote-jobs-view-plugin Plugin
  • Visual Studio Code Metrics Plugin

Please see the advisory for more information: https://www.jenkins.io/security/advisory/2023-03-21/

While we have Role-based Authorization Strategy installed, I don't believe we're using it -- we're using Matrix Authorization Strategy. Maybe we should remove it.

mhdawson commented 1 year ago

If we are not using it, removing it makes sense to me.

github-actions[bot] commented 8 months ago

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.