-
Bug
-
Resolution: Fixed
-
Major
(Given the nature of this feature I'd really like to have it in LTS ASAP, therefore marking this as Bug so it shows up on the candidates list)
As announced on the developers mailing list, we will start releasing security advisories about unmaintained plugins with security vulnerabilities without a fix if necessary:
https://groups.google.com/d/msg/jenkinsci-dev/NaAqqChOVmY/BvA_TuzjAQAJ
These plugins need to be marked as 'unsafe' in Jenkins.
- backend-update-center2 needs to be extended (perhaps as separate Downloadable?)
- Core needs to be extended to
- consume the new metadata
- show warnings in appropriate places (admin monitor for installed plugins, plugin manager for updates and available/installed plugins)
- links to
[JENKINS-40494] Administrative monitor for installed unsafe plugins
Remote Link | New: This issue links to "PR 2680 (Web Link)" [ 15162 ] |
Link | New: This issue is related to INFRA-1022 [ INFRA-1022 ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Link | New: This issue is related to WEBSITE-277 [ WEBSITE-277 ] |
Rank | New: Ranked higher |
Rank | New: Ranked higher |
Link | New: This issue is related to INFRA-1028 [ INFRA-1028 ] |
Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Resolution | New: Fixed [ 1 ] | |
Status | Original: In Review [ 10005 ] | New: Resolved [ 5 ] |
Labels | Original: lts-candidate security | New: 2.32.2-fixed security |