-
Patch
-
Resolution: Unresolved
-
Major
-
Non-Prod and Prod
Hello Team,
We are using following plugins with its latest versions. But there are security vulnerabilities involved on these plugin's latest versions and there is no fix available as of now. We needed these plugins but \We are concerned about these plugins version issues. So , can you please provide any fix on these version or please suggest how to handle this case.
Plugins List
- global-build-stats plugin (global-build-stats): 244.v27c8a_2e50a_34 - last released 4 months ago, open vulnerability resolved in latest release
- Performance Plugin (performance): 3.20 - last released 2 months ago, no vulnerabilities open
- Maven Metadata Plugin for Jenkins CI server (maven-metadata-plugin): 2.2 - last released a year ago, 2 vulnerabilities open
- Release Helper Plugin (release-helper): 1.3.3 - last released 5 years ago, 1 vulnerability open
- build-metrics (build-metrics): 1.3 - last released 7 years ago, 3 vulnerabilities open
Thanks,
Sudhir
- links to
[JENKINS-69026] Latest Plugins Versions having Securities Vulnerabilities issues involved
| Description |
Original:
Hello Team,
We are using following plugins with its latest versions. But as we can see, there are security vulnerabilities involved in these latest plugins as well. We needed these plugins but We are concerned about these plugins versions issues. So , can you please provide any fix on these version or please suggest how to handle this case. *Plugins List:* global-build-stats plugin (global-build-stats): 244.v27c8a_2e50a_34 Maven Metadata Plugin for Jenkins CI server (maven-metadata-plugin): 2.2 Performance Plugin (performance): 3.20 Release Helper Plugin (release-helper): 1.3.3 build-metrics (build-metrics): 1.3 Thanks, Sudhir |
New:
Hello Team,
We are using following plugins with its latest versions. But there are security vulnerabilities involved on these plugin's latest versions and there is no fix available as of now. We needed these plugins but \We are concerned about these plugins version issues. So , can you please provide any fix on these version or please suggest how to handle this case. *Plugins List:* global-build-stats plugin (global-build-stats): 244.v27c8a_2e50a_34 Maven Metadata Plugin for Jenkins CI server (maven-metadata-plugin): 2.2 Performance Plugin (performance): 3.20 Release Helper Plugin (release-helper): 1.3.3 build-metrics (build-metrics): 1.3 Thanks, Sudhir |
Mark Symons
made changes -
| Remote Link | New: This issue links to "Merged Fix for SECURITY-2394 (Web Link)" [ 28002 ] |
Mark Symons
made changes -
| Attachment | New: SECURITY-2394-Still=alerting.png [ 59928 ] |
| Description |
Original:
Hello Team,
We are using following plugins with its latest versions. But there are security vulnerabilities involved on these plugin's latest versions and there is no fix available as of now. We needed these plugins but \We are concerned about these plugins version issues. So , can you please provide any fix on these version or please suggest how to handle this case. *Plugins List:* global-build-stats plugin (global-build-stats): 244.v27c8a_2e50a_34 Maven Metadata Plugin for Jenkins CI server (maven-metadata-plugin): 2.2 Performance Plugin (performance): 3.20 Release Helper Plugin (release-helper): 1.3.3 build-metrics (build-metrics): 1.3 Thanks, Sudhir |
New:
Hello Team,
We are using following plugins with its latest versions. But there are security vulnerabilities involved on these plugin's latest versions and there is no fix available as of now. We needed these plugins but \We are concerned about these plugins version issues. So , can you please provide any fix on these version or please suggest how to handle this case. h2. Plugins List * [global-build-stats plugin (global-build-stats): 244.v27c8a_2e50a_34|https://plugins.jenkins.io/global-build-stats/] - last released 4 months ago, open vulnerability resolved in latest release * [Performance Plugin (performance): 3.20|https://plugins.jenkins.io/performance/] - last released 2 months ago, no vulnerabilities open * [Maven Metadata Plugin|https://plugins.jenkins.io/maven-metadata-plugin/] for Jenkins CI server (maven-metadata-plugin): 2.2 - last released a year ago, 2 vulnerabilities open * [Release Helper Plugin (release-helper): 1.3.3|https://plugins.jenkins.io/release-helper/] - last released 5 years ago, 1 vulnerability open * [build-metrics (build-metrics): 1.3|https://plugins.jenkins.io/build-metrics/] - last released 7 years ago, 3 vulnerabilities open Thanks, Sudhir |
| Component/s | Original: global-build-stats-plugin [ 15746 ] | |
| Component/s | Original: performance-plugin [ 15803 ] |
