Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-65161

Remove commons-digester from Core

    XMLWordPrintable

    Details

    • Type: Task
    • Status: In Progress (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      Currently commons-digester 2.1 is triggering some security alerts on scanner. 

      Digester is not used in core but exposed to some plugins which use it.

      With the help of https://github.com/jenkins-infra/usage-in-plugins    we found the class 

      A draft PR has been opened here https://github.com/jenkinsci/jenkins/pull/5320  for discussion.

      I would personally remove it from core and make some PRs on plugins using it (except very old plugins not anymore maintained)

       

       

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          No objections from me. All plugins are ether barely used or easily patchable 

          Show
          oleg_nenashev Oleg Nenashev added a comment - No objections from me. All plugins are ether barely used or easily patchable 
          Hide
          olamy Olivier Lamy added a comment -

          PR https://github.com/jenkinsci/jenkins/pull/5320 see dependant PRs as well 

          Show
          olamy Olivier Lamy added a comment - PR https://github.com/jenkinsci/jenkins/pull/5320  see dependant PRs as well 

            People

            Assignee:
            olamy Olivier Lamy
            Reporter:
            olamy Olivier Lamy
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: