Update cryptacular to 1.2.4 #86

Merged
merged 2 commits into from
Apr 1, 2020

@richbg richbg commented Mar 31, 2020

Updating a potential denial of service issue in cryptacular
Updating pac4j to 3.8.2 to pull in changes requires a major rewrite of the plugin

Configured dependency management for cryptacular to 1.2.4 to resolve CVE-2020-7226.

See JENKINS-XXXXX.

Submitter checklist

  • JIRA issue is well described
  • Appropriate autotests or explanation to why this change has no tests

@kuisathaverat let me know if you want a Jenkins Issue for this.

…0 to 7.5.1 and set dependency management for cryptacular to 1.2.4 to resolve CVE-2020-7226. Updating pac4j to 3.8.2 to pull in changes requires a major re-write of the plugin
@@ -134,6 +134,10 @@ under the License.
<artifactId>java-support</artifactId>
<version>7.2.0</version>
<exclusions>
<exclusion>
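Review bot: The `<exclusion>` opened under `java-support` 7.2.0 carries no inline rationale in the POM. Add a short XML comment beside it stating why the artifact is excluded and where it is supplied from, so a later dependency bump does not drop or keep the exclusion by accident. Because the fix relies on dependency management rather than a direct version bump, it is also worth confirming with `mvn dependency:tree` that no transitive path still resolves cryptacular below 1.2.4.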
Member
Provided by Jenkins core

@kuisathaverat

Updating pac4j to 3.8.2 to pull in changes requires a major rewrite of the plugin

It is not possible because it uses Spring 5.x and the Jenkins core uses 2.5; see #68.

@kuisathaverat kuisathaverat merged commit e39e9fc into jenkinsci:master Apr 1, 2020

richbg commented May 14, 2020

@kuisathaverat would you mind cutting a release that includes this change?


kuisathaverat commented May 14, 2020

@richbg done.

@jphartley

Thank You @kuisathaverat
