[JENKINS-71912] JIRA Pipeline Steps Vulnerabilities

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: jira-steps-plugin
Labels:
Environment:
Jenkins v2.4.18
Jira Pipeline Steps v2.0.165.v8846cf59f3db

Similar Issues:
Powered by SuggestiMate

Show
URL:
https://plugins.jenkins.io/jira-steps/

The Jira Pipeline Steps plugin currently has two security vulnerabilities assigned to it:

These are preventing me from using this plugin in our CI/CD pipelines and it would be really nice to have these resolved as it would streamline/automate the processes we have in place by a lot!

Andrew created issue - 2023-08-28 14:13

Mark Waite added a comment - 2023-08-28 17:41

andrewk_7 before the vulnerabilities were disclosed, the plugin maintainer was contacted by the security team and invited to resolve the issues. The maintainer chose not to resolve those vulnerabilities. Creating a new issue report that asks the maintainer to resolve the issues is unlikely to persuade the maintainer to resolve the issues.

You're more likely to persuade the maintainer by providing an implementation of the fixes for those issues. The plugin source code is https://github.com/jenkinsci/jira-steps-plugin . When the fixes are ready, you can run them yourself, confirm they work, and share them with the community as a pull request.

Mark Waite added a comment - 2023-08-28 17:41 andrewk_7 before the vulnerabilities were disclosed, the plugin maintainer was contacted by the security team and invited to resolve the issues. The maintainer chose not to resolve those vulnerabilities. Creating a new issue report that asks the maintainer to resolve the issues is unlikely to persuade the maintainer to resolve the issues. You're more likely to persuade the maintainer by providing an implementation of the fixes for those issues. The plugin source code is https://github.com/jenkinsci/jira-steps-plugin . When the fixes are ready, you can run them yourself, confirm they work, and share them with the community as a pull request.

Stuart Rowe made changes - 2024-09-06 21:01

Assignee

Original: Naresh Rayapati [ nrayapati ]

New: Stuart Rowe [ stuartrowe ]

Stuart Rowe made changes - 2024-09-06 21:01

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Stuart Rowe made changes - 2024-09-06 21:01

Status

Original: In Progress [ 3 ]

New: In Review [ 10005 ]

Stuart Rowe added a comment - 2024-09-06 21:02 - edited

https://github.com/jenkinsci/jira-steps-plugin/pull/189
https://github.com/jenkinsci/jira-steps-plugin/pull/190

Stuart Rowe added a comment - 2024-09-06 21:02 - edited https://github.com/jenkinsci/jira-steps-plugin/pull/189 https://github.com/jenkinsci/jira-steps-plugin/pull/190

Naresh Rayapati added a comment - 2025-02-21 12:29

Merged above PRs and released a new version.

Naresh Rayapati added a comment - 2025-02-21 12:29 Merged above PRs and released a new version.

Naresh Rayapati made changes - 2025-02-21 12:30

Resolution		New: Fixed [ 1 ]
Status	Original: In Review [ 10005 ]	New: Resolved [ 5 ]

Assignee:: Stuart Rowe

Reporter:: Andrew

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023-08-28 14:13

Updated:: 2025-02-21 12:30

Resolved:: 2025-02-21 12:30

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Mark Waite added a comment - 2023-08-28 17:41

Expand comment: Mark Waite added a comment - 2023-08-28 17:41

Collapse comment: Stuart Rowe added a comment - 2024-09-06 21:02, Edited by Stuart Rowe - 2024-09-09 18:18

Expand comment: Stuart Rowe added a comment - 2024-09-06 21:02, Edited by Stuart Rowe - 2024-09-09 18:18

Collapse comment: Naresh Rayapati added a comment - 2025-02-21 12:29

Expand comment: Naresh Rayapati added a comment - 2025-02-21 12:29

People

Dates