    • Bug
    • Resolution: Fixed
    • Minor
    • core

      https://github.com/jenkinsci/jenkins/pull/5685 updated XStream (Jenkins 2.309 and higher).

      The library has a public CVE, and whilst Jenkins already uses an allow list, so is not impacted, it would be nice to pull this update into the LTS version to keep some scanners happy.

      This is a retrospective ticket that was assigned after the fact to start an LTS backport discussion.

      See also https://groups.google.com/g/jenkinsci-dev/c/jX0f6Kz6zhc 

          [JENKINS-66507] update xstream to 1.4.18

          James Nord created issue -
          James Nord made changes -
          Labels New: lts-candidate
          James Nord made changes -
          Summary Original: backport xstream update to LTS New: update xstream
          James Nord made changes -
          Remote Link New: This issue links to "PR #5685 (Web Link)" [ 26897 ]
          James Nord made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          James Nord made changes -
          Summary Original: update xstream New: update xstream to 1.4.18
          Beatriz Muñoz made changes -
          Labels Original: lts-candidate New: 2.303.2-fixed

            Unassigned Unassigned
            teilo James Nord