Blocker Please upgrade Acegi Security to the latest Spring Security release. Acegi Security it's old and deprecated.
- blocks
-
JENKINS-54015 ldap authentication problem
-
- Open
-
- is blocked by
-
JENKINS-41827 JenkinsRule mode to use realistic class loading
-
- Resolved
-
- is blocking
-
-
- Closed
-
-
JENKINS-14520 LDAP Plugin should support StartTLS extension
-
- In Progress
-
-
-
- Resolved
-
- relates to
-
-
- Open
-
-
JENKINS-49555 Split most of Spring Framework out of core
-
- Resolved
-
- links to
[JENKINS-5303] Upgrade Acegi Security to the latest Spring Security release
nicusorb
created issue -
| Component/s | New: security [ 15508 ] |
| Link | New: This issue is blocking JENKINS-14520 [ JENKINS-14520 ] |
| Assignee | New: Kohsuke Kawaguchi [ kohsuke ] |
| Component/s | New: core [ 15593 ] | |
| Component/s | Original: security [ 15508 ] | |
| Labels | New: security |
Rob Winch
added a comment - Acegi Security's last commit was over 7 years ago. There have been many CVE's reported and fixed within the maintained versions of Spring Security. For this reason I believe this issue should be considered a high priority.
Note that it appears that the Hudson team has already updated to Spring Security 3.2.x.
Rob Winch
added a comment - Acegi Security's last commit was over 7 years ago. There have been many CVE's reported and fixed within the maintained versions of Spring Security. For this reason I believe this issue should be considered a high priority.
Note that it appears that the Hudson team has already updated to Spring Security 3.2.x. | Labels | Original: security | New: 2.0 security |
| Priority | Original: Major [ 3 ] | New: Blocker [ 1 ] |
In 2015 it's Blocker. Jenkins ships acegi-security released in 2008.
FYI, as per this discussion such an upgrade was rejected by Kohsuke. The work done towards this upgrade was archived here:
https://svn.dev.java.net/svn/hudson/branches/springframework2
Likely only if lots of people vote for this issue will an upgrade be done.