JENKINS-72981

Remove Commons Lang 2 from core

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Major
    • Component: core

      As of https://github.com/advisories/GHSA-j288-q9x7-2f5v, core is shipping an old library with an unresolved security vulnerability. It would be ideal if this could be removed from Jenkins core, but before that can happen:

      • Jenkins core itself needs to stop consuming it, including our fork of Json-Lib
      • Jenkins plugins need to stop consuming it, by migrating either to plain Java Platform functionality or to the Commons Lang 3 Jenkins library plugin

      See https://github.com/jenkinsci/jenkins/pull/8996#issuecomment-2033276342 for further discussion.

            Assignee: Unassigned
            Reporter: bobdu Bob