
spring version (2.5.x) is ancient and not compatible with many new libraries

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component: core

      The Spring version 2.5 used in core is very old, and this makes it problematic when trying to integrate Jenkins with another component, or integrating components within Jenkins, as most things have moved way past 2.5 to 4.x.

      Note - this may also require an upgrade of Groovy.

          [JENKINS-28687] spring version (2.5.x) is ancient and not compatible with many new libraries

          James Nord created issue -
          James Nord made changes -
          Summary Original: spring version is ancient and not compatible with many new libraries New: spring version (2.5.x) is ancient and not compatible with many new libraries
          Daniel Beck made changes -
          Link New: This issue is related to JENKINS-21249 [ JENKINS-21249 ]

          Daniel Beck added a comment -

          At the same time, any upgrade of this will also be a breaking change for anything that already integrates, right?


          James Nord added a comment -

          Spring tries to retain backwards compatibility.

          There are a few notable exceptions, so any upgrade is not without risks.

          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 163541 ] New: JNJira + In-Review [ 181278 ]
          Ethan Young made changes -
          Priority Original: Minor [ 4 ] New: Major [ 3 ]
          Ethan Young made changes -
          Labels New: security

          Ethan Young added a comment -

          Upgrading the Spring framework will also resolve security issues. Specifically, CVE-2017-8046 is an expression language injection vulnerability in the Spring Data REST library v2.6.8 and earlier.


          Daniel Beck added a comment -

          eyoung If you actually find a way to exploit it in Jenkins, please file an issue as described here:

          https://jenkins.io/security/#reporting-vulnerabilities


            Assignee: Unassigned
            Reporter: James Nord (teilo)
            Votes: 5
            Watchers: 8