Type: Improvement
Resolution: Unresolved
Priority: Major
As of https://github.com/advisories/GHSA-j288-q9x7-2f5v, core is shipping an old library with an unresolved security vulnerability. It would be ideal if this could be removed from Jenkins core, but before that can happen:
- Jenkins core itself needs to stop consuming it, including our fork of Json-Lib
- Jenkins plugins need to stop consuming it, by migrating either to plain Java Platform functionality or to the Commons Lang 3 Jenkins library plugin
See https://github.com/jenkinsci/jenkins/pull/8996#issuecomment-2033276342 for further discussion.