  1. Jenkins
  2. JENKINS-65161

Remove commons-digester from Core


Details

    • Task
    • Status: In Progress
    • Major
    • Resolution: Unresolved
    • core
    • None

    Description

      Currently commons-digester 2.1 is triggering some security alerts on scanner. 

      Digester is not used in core but exposed to some plugins which use it.

      With the help of https://github.com/jenkins-infra/usage-in-plugins    we found the class 

      A draft PR has been opened here https://github.com/jenkinsci/jenkins/pull/5320  for discussion.

      I would personally remove it from core and make some PRs on plugins using it (except very old plugins no longer maintained)

       

       


        Activity

          oleg_nenashev Oleg Nenashev added a comment -

          No objections from me. All plugins are either barely used or easily patchable

          olamy Olivier Lamy added a comment -

          PR https://github.com/jenkinsci/jenkins/pull/5320 see dependent PRs as well

          People

            olamy Olivier Lamy
            olamy Olivier Lamy