Branch: refs/heads/master
Home: https://github.com/jenkinsci/testcomplete-plugin

Commit: 971003ea578a090ed9a5b9487acb9d2aa93645d3
    https://github.com/jenkinsci/testcomplete-plugin/commit/971003ea578a090ed9a5b9487acb9d2aa93645d3
Author: osamasalem <osama.sa...@smartbear.com>
Date: 2023-02-03 (Fri, 03 Feb 2023)

Changed paths:
    M pom.xml
    M src/main/java/com/smartbear/jenkins/plugins/testcomplete/parser/LogNodeUtils.java

Log Message:
-----------
* Resolving the threat SECURITY-2741 / CVE-2023-24443

XXE vulnerability in TestComplete support Plugin
SECURITY-2741 / CVE-2023-24443
Severity (CVSS): High
Affected plugin: TestComplete
Description:
TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

This allows attackers able to control the zip archive input file for the 'TestComplete Test' build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.


Commit: 81dbc255869e76f40132d64c3ec70fbf54e0768a
    https://github.com/jenkinsci/testcomplete-plugin/commit/81dbc255869e76f40132d64c3ec70fbf54e0768a
Author: osamasalem <osama__sa...@hotmail.com>
Date: 2023-02-03 (Fri, 03 Feb 2023)

Changed paths:
    M pom.xml

Log Message:
-----------
Update pom.xml

Co-authored-by: Mark Waite <mark.earl.wa...@gmail.com>


Commit: cfb0fc3cd807cb72c24424cef98ce39710f2e5fb
    https://github.com/jenkinsci/testcomplete-plugin/commit/cfb0fc3cd807cb72c24424cef98ce39710f2e5fb
Author: Filin Igor <796310+melli...@users.noreply.github.com>
Date: 2023-02-06 (Mon, 06 Feb 2023)

Changed paths:
    M pom.xml
    M src/main/java/com/smartbear/jenkins/plugins/testcomplete/parser/LogNodeUtils.java

Log Message:
-----------
Merge pull request #10 from SmartBear/Solve-xxe-threat

* Resolving XXE threat SECURITY-2741 / CVE-2023-24443


Compare: https://github.com/jenkinsci/testcomplete-plugin/compare/194ae55ccc15...cfb0fc3cd807