• Task
    • Resolution: Unresolved
    • Major
    • core
    • None

      Currently commons-digester 2.1 is triggering some security alerts on scanner. 

      Digester is not used in core but exposed to some plugins which use it.

      With the help of https://github.com/jenkins-infra/usage-in-plugins    we found the class 

      A draft PR has been opened here https://github.com/jenkinsci/jenkins/pull/5320  for discussion.

      I would personally remove it from core and make some PRs on plugins using it (except very old plugins that are no longer maintained)

       

       

          [JENKINS-65161] Remove commons-digester from Core

          Oleg Nenashev added a comment -

          No objections from me. All plugins are either barely used or easily patchable


          Olivier Lamy added a comment -

          PR https://github.com/jenkinsci/jenkins/pull/5320 see dependent PRs as well


            olamy Olivier Lamy