Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency org.jenkins-ci.plugins.workflow:workflow-support to v2.18 [security] #5021

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency org.jenkins-ci.plugins.workflow:workflow-support to v2.18 [security] #5021

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 27, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.jenkins-ci.plugins.workflow:workflow-support 2.13 -> 2.18 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2018-1000058

Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.

Release Notes

jenkinsci/workflow-support-plugin (org.jenkins-ci.plugins.workflow:workflow-support)

v2.18

Release date: 2018-02-05

v2.17

Release date: 2018-01-22

  • Major Feature: Add APIs for FlowNodeStorage to provide more
    granular control of when/how they write to disk 
    (JENKINS-47172)
    • Allows for deferred writes, where a FlowNode has all its actions
      attached before being written (cuts writes ~1/2 or more)
    • Provides facilities a bit like DB transactions
  • Major Feature: New and MUCH more efficient pipeline FlowNode
    storage 
    (JENKINS-47173)
    • Stores all FlowNodes in a single file, allowing for much faster
      bulk streaming read/writes, and faster access.
    • Available with the performance-optimized durability setting -
      see Jenkins documentation for Pipeline Scalability for what you
      need to enable this.
  • Enhancement:  More compact representation of FlowNodes by using
    XStream Aliases
    (JENKINS-49084)
    • Applies to all of the FlowNode storage engines, and reduces
      size-on-disk (and data written) by about 30%
    • Compatibility note: after this change, builds with this plugin
      version CANNOT be read by older versions of this plugin
  • Feature: utility API to switch between atomic and non-atomic XStream
    serialization
  • Robustness enhancement: Timeout utility tries to repeatedly
    interrupt threads and notes that this is happening
    (PR#48)
  • Feature: Sandboxed access to upstream build information
    (JENKINS-31576)
  • ClassFilter entries to ensure the XStream/Remoting whitelist doesn't
    break Pipeline
  • Bugfix: Fix a Groovy memory leak introduced previously with the
    Timeout utility: ensure that the timeout threadpool cannot be
    lazy-initialized with a GroovyClassloader as its contextClassloader

v2.16

Release date: 2017-10-13

  • JENKINS-26148 Create
    a default implementation of StepExecution.stop
  • Add a WithThreadName utility to give threads more meaningful names
    for debugging

v2.15

Release date: 2017-09-26

  • JENKINS-26137
    Integrate patched version of JBoss Marshalling with better
    diagnostics 
  • JENKINS-38223
    /
    JENKINS-45553
    Massively improve performance of pipeline with numerous parallel
    branches by using the new isActive API from workflow-api 2.22.
  • JENKINS-37324
    followup: Add an arguments column to the FlowGraphTable display
  • JENKINS-36528
    Fix Environment Variables Handling: Include AbstractBuild Env vars
    in build variables
  • Optimization: eliminate need for reflection when calling
    getChangeSets
    #​41

v2.14

Release date: 2017-03-31

  • JENKINS-42952
    Make currentBuild.duration work.
  • JENKINS-42521
    Added a currentResult property and resultIsBetterOrEqualTo /
    resultIsWorseOrEqualTo methods to currentBuild and the return
    value of build.
  • JENKINS-40934
    Speedup of log-related code run when adding a new step when using a
    massive number of parallel branches.
  • Robustness fix noted in
    JENKINS-26137.
  • Robustness fix associated with
    JENKINS-42556:
    tolerate errors encountered when printing progress of build
    resumption tasks.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner August 27, 2024 09:33
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 3 times, most recently from 80def24 to 2a5604b Compare August 30, 2024 12:48
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 7 times, most recently from e90d42b to a9d4794 Compare September 12, 2024 07:17
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 7 times, most recently from 0239f99 to a4975d6 Compare September 17, 2024 11:11
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 2 times, most recently from 7e62e9b to 9166d35 Compare September 26, 2024 07:23
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 8 times, most recently from 103148b to b62bd81 Compare October 8, 2024 11:00
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 2 times, most recently from 0a4081a to ccd6681 Compare October 9, 2024 09:36
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 6 times, most recently from bdc90b4 to 77074ed Compare December 3, 2024 10:02
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 7 times, most recently from 12942da to cc28c63 Compare December 12, 2024 15:33
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 3 times, most recently from e29f9b1 to 0fa2bb7 Compare December 23, 2024 11:34
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 3 times, most recently from 0b79a9c to 27dd747 Compare January 3, 2025 11:29
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch 8 times, most recently from dfe2565 to eefdd89 Compare January 9, 2025 13:21
@renovate renovate bot force-pushed the renovate/maven-org.jenkins-ci.plugins.workflow-workflow-support-vulnerability branch from eefdd89 to 4b504a8 Compare January 9, 2025 14:30
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jan 9, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants