-
Bug
-
Resolution: Unresolved
-
Minor
The mask-passwords plugin contains CVE-2019-10370 for which there is no released fix; however, the Logstash plugin depends on this plugin:
https://github.com/jenkinsci/logstash-plugin/blob/master/pom.xml#L162
[JENKINS-58849] Logstash plugin: requires insecure "mask-passwords"
Tyler Cipriani
created issue -
Jakub Bochenski
made changes -
| Resolution | New: Cannot Reproduce [ 5 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
Tyler Cipriani
added a comment - In the Jenkins UI "This plugin cannot be uninstalled it has one or more dependents Logstash" when I hover over "Uninstall" for "Mask Passwords Plugin"
Tyler Cipriani
added a comment - In the Jenkins UI "This plugin cannot be uninstalled it has one or more dependents Logstash" when I hover over "Uninstall" for "Mask Passwords Plugin" 
Tyler Cipriani
added a comment - Tyler Cipriani
made changes -
| Resolution | Original: Cannot Reproduce [ 5 ] | |
| Status | Original: Closed [ 6 ] | New: Reopened [ 4 ] |
Jakub Bochenski
added a comment - Please try upgrading the plugin to latest version, as old versions depended on mask-passwords
Jakub Bochenski
added a comment - Please try upgrading the plugin to latest version, as old versions depended on mask-passwords 
The dependency you link to is only used in test (as can be seen by it's scope).
I fail to see why it would be a problem. Please reopen if I'm missing something