Update pac4j in saml plugin

XMLWordPrintable

    • Type: Task
    • Resolution: Fixed
    • Priority: Minor
    • Component/s: saml-plugin
    • None
    • 4.352.vb_722786ea_79d

      As support is being dropped for Java 8, this allows to update pac4j further.

      The old pac4j has a security issue picked up by scanner but it has no impact on SAML pluin as it does not use 

      pac4j-openid

       

      cve GHSA-xhw6-hjc9-679m
      severity High
      feed vulnerabilities
      feed_group github:java
      package pac4j-core-3.9.0
      package_path /usr/share/jenkins/jenkins.war:WEB-INF/plugins/saml.hpi:WEB-INF/lib/pac4j-core-3.9.0.jar
      package_type java
      package_version 3.9.0
      fix 5.2.0
      url CVE-2021-44878 - GitHub Advisory Database
      inherited no_data
      description none
      nvd_cvss_v2_vector  
      nvd_cvss_v3_vector  
      vendor_cvss_v2_vector  
      vendor_cvss_v3_vector  

            Assignee:
            Alina Strohaya
            Reporter:
            Alina Strohaya
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: