-
Bug
-
Resolution: Unresolved
-
Blocker
-
Jenkins ver. 2.46.1
External Resource Dispatcher plugin 1.1.0
Build Flow plugin 0.20
Build Flow Plugin (0.20) is now deprecated, and has a "Arbitrary code execution vulnerability". So Jenkins complains about that in "Manage Jenkins" and on main page.
I want to uninstall that plugin as now build pipeline should be used instead but I can't because I use the external resource dispatcher plugin.
Can you please create a new version that drops support for (and dependency to) build flow plugin?
[JENKINS-43497] Remove dependency on obsolete "Build flow" plugin which has a security vulnerability
Should this case still be in "Open"? I see a pull req. was merged for it (thanks 
).
Or are you waiting for it to be released?
Andrei Costescu
added a comment - - edited Should this case still be in "Open"? I see a pull req. was merged for it (thanks ).
Or are you waiting for it to be released? Andrei Costescu
added a comment - No new plugin version was released yet.
When is the next version of the plugin scheduled to be released?
Andrei Costescu
added a comment - No new plugin version was released yet.
When is the next version of the plugin scheduled to be released? 
Code changed in jenkins
User: Sean Jones
Path:
.gitignore
pom.xml
src/main/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/extensions/BuildFlowPluginExtension.java
src/main/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/utils/JsonRpcUtil.java
src/test/java/com/sonyericsson/jenkins/plugins/externalresource/dispatcher/utils/resourcemanagers/ExternalResourceManagerTest.java
http://jenkins-ci.org/commit/external-resource-dispatcher-plugin/c19f9572f40f59b8c198ef659586139b4526d7db
Log:
Merge pull request #8 from rsandell/optional-build-flow-dep
JENKINS-43497 Make Build Flow Plugin an optional dependency
Compare: https://github.com/jenkinsci/external-resource-dispatcher-plugin/compare/97514a8898f1...c19f9572f40f