Android Emulator Plugin has Port Allocator ≥ 1.8 as a required dependency.

      Port Allocator Plugin has not been updated in 9 years.  It has a security advisory SECURITY-1441 (CVE-2019-10350)

      How can this be resolved? Switch Android Emulator to use an alternative to Port Allocator? Adopt Port Allocator and fix the advisory and release a new version of Port Allocator that would be safe to use? Something else?

       

          [JENKINS-68876] Usage of insecure port allocator plugin

          Nikolas Falco added a comment - - edited

          Hi, there was a plan to remove port allocator at all but I have to say that also android emulator plugin is no more maintained. I implement pipeline in a branch but since my company dismiss develop on android I did not work anymore on it.
          So actually I do not know what do. This plugin does not use port allocator storing any kind of credentials.
          Faster/easier way is (someone) adport port allocator plugin, fix security issue and enable it to support pipelines (so we can move this plugin also easier).

          Nikolas Falco added a comment - - edited Hi, there was a plan to remove port allocator at all but I have to say that also android emulator plugin is no more maintained. I implement pipeline in a branch but since my company dismiss develop on android I did not work anymore on it. So actually I do not know what do. This plugin does not use port allocator storing any kind of credentials. Faster/easier way is (someone) adport port allocator plugin, fix security issue and enable it to support pipelines (so we can move this plugin also easier).

          Nikolas Falco added a comment -

          In real there is also a couple interesting PRs
          for example: https://github.com/jenkinsci/port-allocator-plugin/pull/10

          but need to be re-worked a bit to satisfy reviewers comment/doubts

          Nikolas Falco added a comment - In real there is also a couple interesting PRs for example: https://github.com/jenkinsci/port-allocator-plugin/pull/10 but need to be re-worked a bit to satisfy reviewers comment/doubts

            nfalco Nikolas Falco
            msymons Mark Symons
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: