[JENKINS-68527] Old Plugin Version (1.4.10) on Jenkins 2.332.3 LTS

Type: Task
Resolution: Fixed
Priority: Minor
Component/s: rocket-chat-notifier-plugin
Labels:
None
Environment:
Docker
Jenkins 2.332.3 (LTS)

Similar Issues:
Powered by SuggestiMate

Show

Hi,

we are getting CVE Errors on our Jenkins 2.332.3 (LTS) which i think they are already fixed in Version 1.5.1.

But unfortunately on Jenkins LTS the latest Version of the Plugin is 1.4.10.

The CVE Errors we are getting are:

SECURITY-2241 / CVE-2022-28138 (CSRF), CVE-2022-28139 (missing permission check)

What's the reason that the Plugin on the LTS Version of Jenkins will not be updated?

Nicolo Mendola created issue - 2022-05-13 06:03

Martin Reinhardt made changes - 2022-06-07 04:08

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Martin Reinhardt added a comment - 2022-06-07 04:11

Sorry for my late response.

The breaking change was not happening by intentation. Fixed that with Release 1.5.2

Martin Reinhardt added a comment - 2022-06-07 04:11 Sorry for my late response. The breaking change was not happening by intentation. Fixed that with Release 1.5.2

Martin Reinhardt made changes - 2022-06-07 04:12

Resolution		New: Fixed [ 1 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]

Nicolo Mendola added a comment - 2022-06-07 05:38

Hi mreinhardt ,

that means only User which uses the latest Jenkins Release (not the LTS Release) , can get the latest Plugin Updates?

Shouldn't Security fixes normally commited in the Release Version from the LTS Branch (1.4.10) and merged into dev/latest?

Best Regards

Nicolo Mendola added a comment - 2022-06-07 05:38 Hi mreinhardt , that means only User which uses the latest Jenkins Release (not the LTS Release) , can get the latest Plugin Updates? Shouldn't Security fixes normally commited in the Release Version from the LTS Branch (1.4.10) and merged into dev/latest? Best Regards

Martin Reinhardt added a comment - 2022-06-07 06:37

no I'm totally with you.

It was a fault from my side. The release from today should be also available to LTS release...

PS: Plugins in Jenkins are totally independent from Jenkins branching ....

Martin Reinhardt added a comment - 2022-06-07 06:37 no I'm totally with you. It was a fault from my side. The release from today should be also available to LTS release... PS: Plugins in Jenkins are totally independent from Jenkins branching ....

Nicolo Mendola added a comment - 2022-06-07 08:20

Thank you for the clarification!

Yes, now i see the update.

Nicolo Mendola added a comment - 2022-06-07 08:20 Thank you for the clarification! Yes, now i see the update.

Assignee:: Martin Reinhardt

Reporter:: Nicolo Mendola

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022-05-13 06:03

Updated:: 2022-06-07 08:20

Resolved:: 2022-06-07 04:12

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Martin Reinhardt added a comment - 2022-06-07 04:11

Expand comment: Martin Reinhardt added a comment - 2022-06-07 04:11

Collapse comment: Nicolo Mendola added a comment - 2022-06-07 05:38

Expand comment: Nicolo Mendola added a comment - 2022-06-07 05:38

Collapse comment: Martin Reinhardt added a comment - 2022-06-07 06:37

Expand comment: Martin Reinhardt added a comment - 2022-06-07 06:37

Collapse comment: Nicolo Mendola added a comment - 2022-06-07 08:20

Expand comment: Nicolo Mendola added a comment - 2022-06-07 08:20

People

Dates